nanog mailing list archives

Re: how to get people to upgrade? (Re: The weak link? DNS)


From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Wed, 26 Mar 2003 17:10:51 +0000 (GMT)


Perhaps nameservers could periodically poll

        dig @?.root-servers.net 2.2.9.is-vuln.bind. txt chaos

or something similar; I suggest using roots because DNS queries
to them are far less likely to be filtered.  If corresponding RR
is valid (see below), shut down BIND, thus forcing admins to look
into the problem.

Harsh?  Yes.  Sadly, "it runs, so it must be correct" is far more
common an attitude than "it must be correct before it's allowed
to run".

Worried about spoofing?  Distribute the public key with BIND, and
let the TXT response be encoded.

Of course, the clueless generally don't compile from source.  I
wonder how long it would be before some vendor circumvented such
controls so their userbase wouldn't be hassled with such
silliness as forced critical upgrades.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist () brics com>, or you are likely to
be blocked.
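
An added example, not part of the original post or of BIND: a sketch of the resolver-side check the message proposes, showing why the signature must cover the query name and why an unverifiable answer must never trigger the shutdown. The reversed-version label order, the "vulnerable"/"ok" verdict strings, the TXT layout and all function names are assumptions; textbook RSA over SHA-256 with a constructed demo key stands in for a real signature scheme so the block runs on the standard library alone.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. A shipped resolver
# would carry only N and E; D stays with whoever publishes the records.
# Textbook RSA is a stand-in here, not a scheme to deploy.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def query_name(version):
    """'9.2.2' -> '2.2.9.is-vuln.bind.' (assumed: version labels reversed)."""
    return ".".join(reversed(version.split("."))) + ".is-vuln.bind."


def signed_digest(qname, verdict):
    # The signed message includes the query name, so a record signed for
    # one version cannot be replayed as the answer for another.
    msg = f"{qname}|{verdict}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def publish(version, verdict):
    """Publisher side: TXT string '<verdict> <hex signature>'."""
    sig = pow(signed_digest(query_name(version), verdict), D, N)
    return f"{verdict} {sig:x}"


def should_shut_down(version, txt):
    """Resolver side: True only for a correctly signed 'vulnerable' verdict."""
    if not txt:
        return False  # no record or filtered query: keep serving
    verdict, _, sig_hex = txt.partition(" ")
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return False  # malformed signature field
    if not 0 < sig < N:
        return False
    if pow(sig, E, N) != signed_digest(query_name(version), verdict):
        return False  # spoofed, tampered, or signed for a different name
    return verdict == "vulnerable"
```

Every failure path returns False, so a forged or garbled answer cannot be used to stop a nameserver remotely.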

