Re: Multiple DNS implementations vulnerable to cache poisoning

• From: Christopher Morrow
• Date: Wed Jul 09 12:05:50 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin <[email protected]> wrote:

> The ISC web page on the attack notes "DNSSEC is the only definitive
> solution for this issue. Understanding that immediate DNSSEC deployment
> is not a realistic expectation..."  I wonder what NANOG folk can do
> about the second part of that quote...

get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,
that's not nanog... doh!

Pressure your local ICANN officers?

-Chris

• Follow-Ups:
  • Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth
  • Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad
  • Re: Multiple DNS implementations vulnerable to cache poisoning Joe Abley
  • Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin

• References:
  • Multiple DNS implementations vulnerable to cache poisoning Buhrmaster, Gary
  • Re: Multiple DNS implementations vulnerable to cache poisoning Steven M. Bellovin

• Prev by Date: Re: Building a BGP test network
• Next by Date: Re: Multiple DNS implementations vulnerable to cache poisoning
• Date Index
• Thread Index
• Author Index
• Historical