[106271] in North American Network Operators' Group
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
daemon@ATHENA.MIT.EDU (Jorge Amodio)
Fri Jul 25 08:46:31 2008
Date: Fri, 25 Jul 2008 07:46:20 -0500
From: "Jorge Amodio" <jmamodio@gmail.com>
To: "Jason Frisvold" <xenophage0@gmail.com>
In-Reply-To: <924f29280807241358h62150dc4o17b605d8049b475c@mail.gmail.com>
Cc: Paul Vixie <vixie@isc.org>, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
>
>
> So is this patch a "true" fix or just a temporary fix until further
> work can be done on the problem?
I guess you need to read some of the related
papers/presentations/advisories/etc
related to a subject that has been under discussion for more 20+ years.
Answering your questions, as said before, the patch is NO FIX to the
problem, it's
just a workaround that (together with an appropiate architecture and
following well
know best practices for DNS deployment) *may* reduce the chances of becoming
a victim of the exploit.
The solution ? DNSSEC, I believe Paul is asking people interested to learn
more
about what needs to be done to get it done to discuss the subject in the
dns-operations list.
My .02
Regards
Jorge
