nanog mailing list archives
Re: DNS hardening, was Re: Dan Kaminsky
From: bert hubert <bert.hubert () netherlabs nl>
Date: Wed, 5 Aug 2009 19:12:38 +0200
On Wed, Aug 5, 2009 at 6:48 PM, John Levine<johnl () iecc com> wrote:
3) Random case in queries, e.g. GooGLe.CoM 4) Ask twice (with different values for the first three hacks) and compare the answers I presume everyone is doing the first two. Any experience with the other two to report?
3 works, but offers zero protection against 'kaminsky spoofing the root' since you can't fold the case of "123456789.". And the root is the goal. 4 breaks on Akamai and many other CDNs. Even 'ask thrice, and take the majority answer' doesn't work there. 5 is 'edns ping', but it was effectively blocked because people thought DNSSEC would be easier to do, or demanded that EDNS PING (http://edns-ping.org) would offer everything that DNSSEC offered. Bert
Current thread:
- Re: Dan Kaminsky, (continued)
- Re: Dan Kaminsky Jorge Amodio (Aug 05)
- Re: Dan Kaminsky Randy Bush (Aug 07)
- RE: Dan Kaminsky Buhrmaster, Gary (Aug 07)
- Re: Dan Kaminsky Jorge Amodio (Aug 07)
- QR-Codes... was: Re: Dan Kaminsky Dragos Ruiu (Aug 07)
- Re: Dan Kaminsky Jorge Amodio (Aug 07)
- Re: Dan Kaminsky Nick Hilliard (Aug 05)
- Re: Dan Kaminsky bert hubert (Aug 04)
- Re: DNS hardening, was Re: Dan Kaminsky bert hubert (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Phil Regnauld (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Steven M. Bellovin (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Mark Andrews (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- RE: dnscurve and DNS hardening, was Re: Dan Kaminsky Skywing (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)