Dan Kaminsky

Leo Bicknell bicknell at ufp.org
Wed Aug 5 09:18:11 CDT 2009


In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:
> There is NO fix. There never will be as the problem is architectural
> to the most fundamental operation of DNS. Other than replacing DNS (not
> feasible), the only way to prevent this form of attack is DNSSEC. The
> "fix" only makes it much harder to exploit.

I don't understand why replacing DNS is "not feasible".

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090805/32c4207c/attachment.bin>


More information about the NANOG mailing list