bicknell at ufp.org
Wed Aug 5 09:18:11 CDT 2009
In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:
> There is NO fix. There never will be as the problem is architectural
> to the most fundamental operation of DNS. Other than replacing DNS (not
> feasible), the only way to prevent this form of attack is DNSSEC. The
> "fix" only makes it much harder to exploit.
I don't understand why replacing DNS is "not feasible".
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 825 bytes
Desc: not available
More information about the NANOG