Re: how to protect name servers against cache corruption

[Paul A Vixie <vixie () vix com>]

> Since, as you say, this has an "operations" context (the integrity of the
> Internet domain service in realistic danger), it might be appropriate and
> appreciated for you to detail the steps you and the ISC have taken to
> resolve these problems in BIND 8.1.1. 

I'm happy to help, sure.

> Does 8.1.1 validate resource records?

To the extent possible without DNSSEC, yes.

> Does it use random query IDs? 

In a noncryptorandom way, yes.  (With 16 bits it almost doesn't matter.)

> My understanding of Kashpureff's attack was that it was of minimal
> complexity (specifically, that he ripped off some kid's cname-bouncing
> script). I am therefore concerned at what appears to be the use of his
> apparently unsophisticated attack as a metric for the security of BIND
> 8.1.1.

I wrote <URL:ftp://ftp.vix.com/pri/vixie/bindsec.psf> in September of 1995
and presented it at the 5th Usenix Security Symposium in Salt Lake City.

Noone in the security field has any right to expect any implementation of
DNS to be secure until DNSSEC is widely implemented.

I'm sorry if something I said misled you to believe otherwise.