nanog mailing list archives
Re: how to protect name servers against cache corruption
From: "Perry E. Metzger" <perry () piermont com>
Date: Tue, 29 Jul 1997 22:38:02 -0400
Ben Black writes:
so a statement from paul that the internet is effectively broken until DNSSEC is acceptable to you even if there are known ways to combat known attacks?
I will be charitable and not comment on your ancestry or intelligence at this time. I will only say that there *are* no ways to combat the attacks Paul is speaking of. All the attacks that can be defended against without DNSSEC are properly handled by Bind 8.1.1. The attacks that cannot be stopped can't be stopped, period. Paul didn't design the DNS and you don't get to change history to fix existing problems after the fact. What we should be doing is deploying DNSSEC, of course. If people would donate sufficient funds to ISC I suspect that would happen faster -- as it stands, Paul develops BIND out of money from his own pocket, and I don't get the impression he's drowning in cash.
stop worshipping long enough to think about the ramifications of this.
The major ramification appears to be that you don't have the sense to keep from speaking about topics you don't understand. This is an ever so common failing. Perry
Current thread:
- Re: how to protect name servers against cache corruption, (continued)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Christopher Masto (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 30)
- Re: how to protect name servers against cache corruption tqbf (Jul 30)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 30)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 30)
- Message not available
- Re: how to protect name servers against cache corruption Jay R. Ashworth (Jul 30)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- off-topic (Re: how to protect name servers against cache corruption ) Paul A Vixie (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Larry Vaden (Jul 29)
- Re: off-topic (Re: how to protect name servers against cache corruption ) Ben Black (Jul 30)
- Re: how to protect name servers against cache corruption Lon R. Stockton, Jr. (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Paul Ferguson (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)