Vixie warns: DNS Changer ‘blackouts’ inevitable

bmanning at vacation.karoshi.com
Wed May 23 05:40:16 UTC 2012


On Tue, May 22, 2012 at 10:07:52PM -0700, Michael J Wise wrote:
> 
> On May 22, 2012, at 9:10 PM, bmanning at vacation.karoshi.com wrote:
> 
> > On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
> >> 
> >> On May 22, 2012, at 8:35 PM, Randy Bush wrote:
> >> 
> >>> father of bind?  that's news.
> >> 
> >> 	<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html>
> >> 
> >> He was there, and Put The Fix In, to down the network.
> > 
> > 	Certainly news to Phil Almquist and the entire BIND development team
> > 	at UCB.   Paul was at DECWRL and cut his teeth on pre-existing code.
> > 	While he (and ISC) have since revised, gutted, tossed all the original
> > 	code, rebuilt it twice - and others have done similar for their DNS
> > 	software,  based on the BIND code base, implementation assumptions, and 
> > 	with little or no ISC code, and they call it BIND as well,  it would be 
> > 	a HUGE leap of faith to call Paul Vixie the father of 
> > 		BIND - The Berkeley Internet Naming Daemon.
> 
> Methinks we're talking at cross purposes.

	maybe... :)  my comment was referring to the "father of bind" statement.

> > 	As for being there and "Put The Fix In"...  Makes for great PR but 
> > 	in actual fact, it's a bandaid that is not going to stem the tide.
> > 	An actual fix would really need to change the nature of the creaky
> > 	1980's implementation artifacts that this community loves so well.
> 
> I don't think we're talking about the same thing at all.
> Paul was there to shut down the DNS changer system and replace it with something that restored functionality to the infected machines.
> And I gather Paul will be one of the people who will turn the lights out on it.

	He didn't "shut down" DNS Changer, he put up an equivalent system to hijack
	DNS traffic and direct it to the "right" place...  SO folks didn't see any
	problem and the DNS Changer infection grew and got worse.  When he is legally
	required to take his "bandaid" out of service, then the problem will resolve
	by folks who will have to clean their systems.

	As for "turning the lights out" - that will only happen when the value of 
	DNS hijacking drops.   As it is now,  ISC has placed DNS hijacking code
	into their mainstream code base... because DNS hijacking is so valuable to 
	folks.  In a modestly favorable light, ISC looks like an arms dealer (DNS redirection)
	to the bad guys -AND- (via DNSSEC) the good guys.  Either way, they make money.

	And yes, I think I agree with you.  Paul will be there to turn things off when 
	they no longer make money for his company.

> Your other comments are non-sequitur to the main issue.

	Perhaps I am not a member of the Paul Vixie cult of personality.  

> When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation.

	Amen.  And there will be thousands more of them when the court order expires than
	existed when the Feds called him in.

/bill
> Aloha,
> Michael.
> -- 
> "Please have your Internet License             
>  and Usenet Registration handy..."
> 
> 