nanog mailing list archives

Re: SANS: DNS Bug Now Public?


From: Paul Vixie <vixie () isc org>
Date: Thu, 24 Jul 2008 16:17:11 +0000

regnauld () catpipe net (Phil Regnauld) writes:

      Case in point, we've got customers running around in circles
      screaming "we need to upgrade, please help us upgrade NOW",
      but they have _3_ layers of routers and firewalls that are hardcoded to
      only allow DNS queries from port 53.

please take this problem, and all related threads, to
<dns-operations () lists oarci net>.  this is NANOG.  there
are plenty of people on that other mailing list willing
to help and interested in helping with DNS issues.

fwiw, we all know that udp port randomization isn't a
panacea and that it will break many previously-working
configurations.  we just don't know what else to do NOW
while we wait for godot or whomever to deliver us DNSSEC.
-- 
Paul Vixie
