nanog mailing list archives
Re: Curing the BIND pain
From: "Nathan J. Mehl" <memory-nanog () blank org>
Date: Thu, 27 Mar 2003 09:24:56 -0500
In the immortal words of Michael.Dillon () radianz com (Michael.Dillon () radianz com):
I suggest that an appropriate technique would be for the BIND server to originate traffic on it's local subnet that would look suspicious and possibly trigger intrusion alarms.
Good lord. I'm a little stuck for a proper analogy for this. A car that "helpfully" starts emitting noxious smoke to let you know that it's time for a tune-up? A refridgerator that drips bleach into your vegetable drawers to remind you to replace the coolant? An answering machine that replaces the outgoing message with a stream of profanities to alert callers that the incoming message tape is full? If people are so concerned about BIND's security that they're willing to seriously consider implementing ideas like this, why are they not willing to either consider replacing BIND with DNS software that is secure by design (*cough* *cough*), or paying the ISC to produce a properly secured BIND? The solution to the Ford Pinto problem was not to recommend that people duct-tape sofa cushions and homemade warning lights to the back bumper. -n ------------------------------------------------------------<memory () blank org> "Thus do `Snuff Movies' take their place with `Political-Correctness,' `Sex Addiction,' and `Postmodernism' as Godzillas of bogus moral panic, always threatening to crush the nation in their jaws, but never quite willing to take the final step of biting down. (--www.suck.com) <http://blank.org/memory/>----------------------------------------------------
Current thread:
- Curing the BIND pain Michael . Dillon (Mar 27)
- Re: Curing the BIND pain Nathan J. Mehl (Mar 27)
- Re: Curing the BIND pain Andy Dills (Mar 27)
- <Possible follow-ups>
- Re: Curing the BIND pain Crist J. Clark (Mar 28)