nanog mailing list archives
Re: DNS hardening, was Re: Dan Kaminsky
From: "John R. Levine" <johnl () iecc com>
Date: Wed, 5 Aug 2009 15:23:00 -0400 (EDT)
3 works, but offers zero protection against 'kaminsky spoofing the root' since you can't fold the case of "123456789.". And the root is the goal.
Good point.5) Download your own copy of the root zone every few days from http://www.internic.net/domain/, check the signature if you can find the signing key for 289FE7AD, and use that rather than the public roots.
6) EDNS0 PING, if you think anyone else will implement it R's, John
Current thread:
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky, (continued)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Mark Andrews (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- RE: dnscurve and DNS hardening, was Re: Dan Kaminsky Skywing (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Naveen Nathan (Aug 05)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Alexander Harrowell (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Ben Scott (Aug 07)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Tony Finch (Aug 06)
- Re: dnscurve and DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky John R. Levine (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Roland Dobbins (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Douglas Otis (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Paul Vixie (Aug 05)
- Re: DNS hardening, was Re: Dan Kaminsky Florian Weimer (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Paul Jakma (Aug 06)
- Re: DNS hardening, was Re: Dan Kaminsky Christopher Morrow (Aug 06)