[106325] in North American Network Operators' Group
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Sat Jul 26 18:16:07 2008
Date: Sat, 26 Jul 2008 22:15:50 +0000
From: bmanning@vacation.karoshi.com
To: Sean Donelan <sean@donelan.com>
In-Reply-To: <200807261740470.32BF5B92.5810@clifden.donelan.com>
Cc: bmanning@vacation.karoshi.com, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Sat, Jul 26, 2008 at 05:47:54PM -0400, Sean Donelan wrote:
> On Sat, 26 Jul 2008, bmanning@vacation.karoshi.com wrote:
> > there you go. the massive effort to patch would likley have
> > better been spent to actually -sign- the stupid zones and
> > work out key distribution. but no... running around like
> > the proverbial headless chicken seems to get the PR.
>
> Maybe someone could publish a blacklist of vulnerable recursive
> name servers, and then F-Root, the other root name servers,
> and other "popular" sites could start refusing to answer queries
> from vunerable name servers until after the blacklist operator decides
> they've patched their recursive server sufficiently?
>
> Maybe that would get their attention and encourage them to apply
> resources to the problem?
>
> Extreme situations justify extreme measures; or how extreme do
> you believe justifies what measures?
Knock yourself out Sean.
--bill
