North American Network Operators Group

Re: how to protect name servers against cache corruption

  • From: Ben Black
  • Date: Tue Jul 29 21:33:33 1997

> > No one in the security field has any right to expect any implementation of
> > DNS to be secure until DNSSEC is widely implemented.
> 

this statement bothers me.  certainly without DNSSEC there can be no 
*assurances* of security, but there is a gaping chasm between the current 
system and DNSSEC that could be closed significantly with proper design.

simply stating that until DNSSEC arrives these attacks are going to be 
allowed is a copout.


ben


> > I'm sorry if something I said misled you to believe otherwise.
> 
> So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
> ask because you specifically stated that it was. Sorry to nag, I'd just
> like to see this clarified to the operations community.
> 
> Again, thanks for your time and patience!
> 
> ----------------
> Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [[email protected]]
> ----------------
> "If you're so special, why aren't you dead?"
> 
>