nanog mailing list archives

Re: how to protect name servers against cache corruption

From: Paul A Vixie <vixie () vix com>
Date: Tue, 29 Jul 1997 18:59:32 -0700

Let me put this another more interesting and more direct way.

Postulate a name server with the following properties:

        1. Actually works on and is connected to the live Internet.
        2. RFC compliant except as nec'y to comply with #1 above.
        3. No DNSSEC, no TSIG, no SECUPD.
        4. Completely bug free.

You go right ahead and build that name server, and I will drive a truck,
no, better still a bus or even a backhoe, right through its front window.

DNS is not secure and cannot be made so.  BIND-8.1.1 is the best there is,
and it's what you should run, but as long as you run DNS without DNSSEC,
your confidence level should be set accordingly.

PS:

BIND is definitely #1, is almost #2, is definitely #3, and trying to be #4.

Current thread:

Re: how to protect name servers against cache corruption, (continued)
- Re: how to protect name servers against cache corruption Michael Dillon (Jul 22)
  - Re: how to protect name servers against cache corruption Deepak Jain (Jul 22)
  - Re: how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Juergen Georgi (Jul 22)
- Re: how to protect name servers against cache corruption Karl Denninger (Jul 22)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
  - Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
    - Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
    - Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
    - Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
    - Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
    - Re: how to protect name servers against cache corruption Ben Black (Jul 29)
    - Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
    - Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
    - Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
    - Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
    - Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
    - Re: how to protect name servers against cache corruption Perry E. Metzger (Jul 29)
    - Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
    - Re: how to protect name servers against cache corruption Christopher Masto (Jul 29)
    - Re: how to protect name servers against cache corruption tqbf (Jul 29)

(Thread continues...)