nanog mailing list archives
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
From: Paul Vixie <vixie () isc org>
Date: Thu, 24 Jul 2008 23:10:46 +0000
So is this patch a "true" fix or just a temporary fix until further work can be done on the problem?
the only true fix is DNSSEC. meanwhile we'll do UDP port randomization, plus we'll randomize the 0x20 bits in QNAMEs, plus we'll all do what nominum does and retry with TCP if there's a QID mismatch while waiting for a response, and we'll start thinking about using TKEY and TSIG for stub-to-RDNS relationships. but the only true long term fix for this is DNSSEC. all else is bandaids, which is a shame, since it's a sucking chest wound and bandaids are silly.
But it that truly an end-all fix, or is this just the initial cry to stop short-term hijacking?
all we're trying to do is keep the 'net running long enough to develop and deploy DNSSEC, which would be much harder if updates.microsoft.com almost never points to a microsoft-owned computer. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Re: Federal Government Interest in your patch progress, (continued)
- Re: Federal Government Interest in your patch progress Jorge Amodio (Jul 25)
- Re: Federal Government Interest in your patch progress Jared Mauch (Jul 25)
- Re: Federal Government Interest in your patch progress Steven M. Bellovin (Jul 25)
- Re: Federal Government Interest in your patch progress Stephane Bortzmeyer (Jul 29)
- Re: Federal Government Interest in your patch progress Steven M. Bellovin (Jul 29)
- Re: Federal Government Interest in your patch progress Paul Vixie (Jul 25)
- Re: Federal Government Interest in your patch progress chuck goolsbee (Jul 25)
- Re: Federal Government Interest in your patch progress Sean Donelan (Jul 25)
- Re: Federal Government Interest in your patch progress brett watson (Jul 25)
- Re: Federal Government Interest in your patch progress Sean Donelan (Jul 25)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 24)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Jorge Amodio (Jul 25)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Randy Bush (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Paul Vixie (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Joe Greco (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? bmanning (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Sean Donelan (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? bmanning (Jul 26)
- Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked? Martin Hannigan (Jul 26)