nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Paul A Vixie <vixie () vix com>
Date: Tue, 29 Jul 1997 18:08:50 -0700
Noone in the security field has any right to expect any implementation of DNS to be secure until DNSSEC is widely implemented.I'm sorry if something I said misled you to believe otherwise.So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I ask because you specifically stated that it was. Sorry to nag, I'd just like to see this clarified to the operations community.
BIND 4.9.6 and 8.1.1 are immune to all known attacks, including the one Eugene Kashpureff copied and put into wide public use recently. I know of attacks we are not immune to, which cannot be stopped without DNSSEC. My paper, whose URL I gave in the previous message, alludes to some of these without exactly giving a road map for their use.
Current thread:
- how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Robert Bowman (Jul 22)
- Re: how to protect name servers against cache corruption Michael Dillon (Jul 22)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 22)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Juergen Georgi (Jul 22)
- Re: how to protect name servers against cache corruption Karl Denninger (Jul 22)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Ben Black (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)