nanog mailing list archives

Re: how to protect name servers against cache corruption


From: Ben Black <black () zen cypher net>
Date: Tue, 29 Jul 1997 21:19:54 -0400 (EDT)

No one in the security field has any right to expect any implementation of
DNS to be secure until DNSSEC is widely implemented.


this statement bothers me.  certainly without DNSSEC there can be no 
*assurances* of security, but there is a gaping chasm between the current 
system and DNSSEC that could be closed significantly with proper design.

simply stating that until DNSSEC arrives these attacks are going to be 
allowed is a copout.


ben


I'm sorry if something I said misled you to believe otherwise.

So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
ask because you specifically stated that it was. Sorry to nag, I'd just
like to see this clarified to the operations community.

Again, thanks for your time and patience!

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
----------------
"If you're so special, why aren't you dead?"



