[106322] in North American Network Operators' Group
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Jul 26 17:48:04 2008
Date: Sat, 26 Jul 2008 17:47:54 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: bmanning@vacation.karoshi.com
In-Reply-To: <20080726211610.GA30885@vacation.karoshi.com.>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Sat, 26 Jul 2008, bmanning@vacation.karoshi.com wrote:
> there you go. the massive effort to patch would likley have
> better been spent to actually -sign- the stupid zones and
> work out key distribution. but no... running around like
> the proverbial headless chicken seems to get the PR.
Maybe someone could publish a blacklist of vulnerable recursive
name servers, and then F-Root, the other root name servers,
and other "popular" sites could start refusing to answer queries
from vunerable name servers until after the blacklist operator decides
they've patched their recursive server sufficiently?
Maybe that would get their attention and encourage them to apply
resources to the problem?
Extreme situations justify extreme measures; or how extreme do
you believe justifies what measures?
