[106214] in North American Network Operators' Group

Re: SANS: DNS Bug Now Public?

daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Jul 24 12:17:27 2008

To: nanog@merit.edu
From: Paul Vixie <vixie@isc.org>
Date: Thu, 24 Jul 2008 16:17:11 +0000
In-Reply-To: <20080724084505.GE95929@catpipe.net> (Phil Regnauld's message of
	"Thu\, 24 Jul 2008 10\:45\:05 +0200")
X-Vix-MailScanner-From: vixie@isc.org
Errors-To: nanog-bounces@nanog.org

regnauld@catpipe.net (Phil Regnauld) writes:

> 	Case in point, we've got customers running around in circles
> 	screaming "we need to upgrade, please help us upgrade NOW",
> 	but they have _3_ layers of routers and firewalls that are hardcoded to
> 	only allow DNS queries from port 53.

please take this problem, and all related threads, to
<dns-operations@lists.oarci.net>.  this is NANOG.  there
are plenty of people on that other mailing list willing
to help and interested in helping with DNS issues.

fwiw, we all know that udp port randomization isn't a
panacea and that it will break many previously-working
configurations.  we just don't know what else to do NOW
while we wait for godot or whomever to deliver us DNSSEC.
-- 
Paul Vixie
