North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: On-going Internet Emergency and Domain Names

  • From: Paul Vixie
  • Date: Sat Mar 31 02:15:06 2007

whoa.  this is like deja vu all over again.  when [email protected] asked me to
patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host
names in order to protect sendmail from a /var/spool/mqueue/qf* formatting
vulnerability, i was fresh off the boat and did as i was asked.  a dozen
years later i find that that bug in sendmail is long gone, but the pain
from BIND's "check-names" logic is still with us.  i did the wrong thing
and i should have said "just fix sendmail, i don't care how much easier
it would be to patch libc, that's just wrong."

are we really going to stop malware by blackholing its domain names?  if
so then i've got some phone calls to make.
Paul Vixie