nanog mailing list archives

Re: Dan Kaminsky

From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 5 Aug 2009 10:18:11 -0400

In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:

There is NO fix. There never will be as the problem is architectural
to the most fundamental operation of DNS. Other than replacing DNS (not
feasible), the only way to prevent this form of attack is DNSSEC. The
"fix" only makes it much harder to exploit.


I don't understand why replacing DNS is "not feasible".

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/

Attachment: _bin
Description:

Current thread:

Re: Dan Kaminsky, (continued)
- Re: Dan Kaminsky Cord MacLeod (Aug 01)
  - Re: Dan Kaminsky Richard A Steenbergen (Aug 03)
    - Re: Dan Kaminsky Cord MacLeod (Aug 03)
    - Re: Dan Kaminsky andrew.wallace (Aug 03)
    - Re: Dan Kaminsky Dragos Ruiu (Aug 04)
- Re: Dan Kaminsky Curtis Maurand (Aug 04)
  - Re: Dan Kaminsky Valdis . Kletnieks (Aug 04)
    - Re: Dan Kaminsky Mikael Abrahamsson (Aug 04)
  - Re: Dan Kaminsky Kevin Oberman (Aug 04)
    - Re: Dan Kaminsky Patrick W. Gilmore (Aug 04)
    - Re: Dan Kaminsky Leo Bicknell (Aug 05)
    - Re: Dan Kaminsky Florian Weimer (Aug 05)
    - DNS alternatives (was Re: Dan Kaminsky) Roland Dobbins (Aug 05)
    - Re: DNS alternatives (was Re: Dan Kaminsky) Mark Andrews (Aug 05)
    - Re: DNS alternatives (was Re: Dan Kaminsky) Roland Dobbins (Aug 05)
    - RE: DNS alternatives (was Re: Dan Kaminsky) Erik Soosalu (Aug 05)
    - Re: DNS alternatives (was Re: Dan Kaminsky) Roland Dobbins (Aug 05)
    - Re: Dan Kaminsky Leo Bicknell (Aug 05)
    - Re: Dan Kaminsky Jorge Amodio (Aug 05)
    - Re: Dan Kaminsky Phil Regnauld (Aug 05)
    - Re: Dan Kaminsky Chris Adams (Aug 05)

(Thread continues...)