nanog mailing list archives

Re: DNSSEC?

From: Barry Shein <bzs () world std com>
Date: Fri, 11 Apr 2014 15:27:43 -0400


On April 11, 2014 at 11:44 dougb () dougbarton us (Doug Barton) wrote:

On 04/11/2014 11:35 AM, Barry Shein wrote:

So, DNSSEC is also compromised by this heartbleed bug, right?


There is nothing in the DNSSEC protocol that requires the Heartbeat 
functionality. However whether a specific implementation of DNS software 
is vulnerable or not depends on how it's compiled. I would expect that 
most would not be. ISC for example just released a statement that BIND 
is not:

https://lists.isc.org/pipermail/bind-users/2014-April/092944.html


Cool, good news.

-- 
        -Barry Shein

The World              | bzs () TheWorld com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

Current thread:

DNSSEC? Barry Shein (Apr 11)
- Re: DNSSEC? Doug Barton (Apr 11)
  - Re: DNSSEC? Barry Shein (Apr 11)
    - Re: DNSSEC? Christopher Morrow (Apr 11)
- Re: DNSSEC? Bill Woodcock (Apr 11)
- Re: DNSSEC? Chris Adams (Apr 11)
  - Re: DNSSEC? Carsten Bormann (Apr 11)
    - Re: DNSSEC? Matt Palmer (Apr 11)
    - Re: DNSSEC? Robert Drake (Apr 11)
    - Re: DNSSEC? Mark Andrews (Apr 11)
    - Re: DNSSEC? Jimmy Hess (Apr 11)
    - Re: DNSSEC? Mark Andrews (Apr 11)
    - Re: DNSSEC? shawn wilson (Apr 12)

(Thread continues...)