North American Network Operators Group

Re: SANS: DNS Bug Now Public?

  • From: Paul Vixie
  • Date: Thu Jul 24 12:17:24 2008

[email protected] (Phil Regnauld) writes:

> 	Case in point, we've got customers running around in circles
> 	screaming "we need to upgrade, please help us upgrade NOW",
> 	but they have _3_ layers of routers and firewalls that are hardcoded to
> 	only allow DNS queries from port 53.

please take this problem, and all related threads, to
<[email protected]>.  this is NANOG.  there
are plenty of people on that other mailing list willing
to help and interested in helping with DNS issues.

fwiw, we all know that udp port randomization isn't a
panacea and that it will break many previously-working
configurations.  we just don't know what else to do NOW
while we wait for godot or whomever to deliver us DNSSEC.
-- 
Paul Vixie
