[105901] in North American Network Operators' Group
Re: Multiple DNS implementations vulnerable to cache poisoning
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Jul 9 12:05:49 2008
Date: Wed, 9 Jul 2008 12:05:38 -0400
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
In-Reply-To: <20080709114143.01b59c15@cs.columbia.edu>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> The ISC web page on the attack notes "DNSSEC is the only definitive
> solution for this issue. Understanding that immediate DNSSEC deployment
> is not a realistic expectation..." I wonder what NANOG folk can do
> about the second part of that quote...
get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,
that's not nanog... doh!
Pressure your local ICANN officers?
-Chris
