nanog mailing list archives

Re: Multiple DNS implementations vulnerable to cache poisoning

From: Russ Mundy <mundy () tislabs com>
Date: Thu, 10 Jul 2008 17:34:34 -0400

At 11:08 AM -0400 7/10/08, Christopher Morrow wrote:

On Thu, Jul 10, 2008 at 10:22 AM, Wes Hardaker <wjhns61 () hardakers net> wrote:

On Wed, 9 Jul 2008 22:55:05 -0400, "Christopher Morrow"
<morrowc.lists () gmail com> said:

aside from just getting some cctlds signed, i will be interested in the
tools, usability, work flow, ...  i.e. what is it like for a poor
innocent cctld which wants to sign their zone?


If there is sufficient interest, we could do a bar bof to describe some of
the tools IANA has...


CM> I think Sandy Murphy or other Sparta folks have presented some of the
CM> work they've done on this... Perhaps finding one/some of them and
CM> having a more operations focused presentation in LAX or ... is a good
CM> idea as well?

The tools that Sparta developed (and made freely available via an open
source packaged that is BSD licensed) can be found at
http://www.dnssec-tools.org/ .  In particular, signing a zone is


yup, and that's helpful stuff.


Great, we're trying to provide tools that will help with the deployment and
operation of DNSSEC.  We also try to keep a listing of all the 'pieces'
that we know about that could be helpful to folks who want to deploy and
use DNSSEC in various ways whether they are operating a signed zone,
running a validating resolver or wanting DNSSEC-aware applications. The url
for the listing is:

http://www.dnssec-deployment.org/tracker

We provide the listing as community resource and try to keep it reasonably
current. But we are always on the lookout for additional information (&
corrections) to the list - if you have any, please let me know.

------------->snip<--------------


All for free.  Don't you hate those ??biased??, freely-available,
source-code-supplied-so-you-can-change-it, BSD-licensed open source
packages?
--


I like free... as long as it's the hammer I need for the nails I have.

-Chris


We don't try to keep track of things in the listing by whether they or free
or not but I know a lot of them have typical open source type of licenses.

Russ

Current thread:

RE: Multiple DNS implementations vulnerable to cache poisoning, (continued)
- - - RE: Multiple DNS implementations vulnerable to cache poisoning Andrews Carl 455 (Jul 10)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Russ Mundy (Jul 10)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Joao Damas (Jul 10)
    - Message not available
    - Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 10)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
  - Re: Multiple DNS implementations vulnerable to cache poisoning Fernando Gont (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Patrick W. Gilmore (Jul 09)
    - RE: Multiple DNS implementations vulnerable to cache poisoning Eric Davis (Jul 09)
    - Re: Multiple DNS implementations vulnerable to cache poisoning Phil Regnauld (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Paul Ferguson (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Russ Mundy (Jul 10)