SANS: DNS Bug Now Public?

Paul Vixie vixie at isc.org
Thu Jul 24 11:17:11 CDT 2008


regnauld at catpipe.net (Phil Regnauld) writes:

> 	Case in point, we've got customers running around in circles
> 	screaming "we need to upgrade, please help us upgrade NOW",
> 	but they have _3_ layers of routers and firewalls that are hardcoded to
> 	only allow DNS queries from port 53.

please take this problem, and all related threads, to
<dns-operations at lists.oarci.net>.  this is NANOG.  there
are plenty of people on that other mailing list willing
to help and interested in helping with DNS issues.

fwiw, we all know that udp port randomization isn't a
panacea and that it will break many previously-working
configurations.  we just don't know what else to do NOW
while we wait for godot or whomever to deliver us DNSSEC.
-- 
Paul Vixie
