[11406] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Paul A Vixie)
Tue Jul 29 20:21:46 1997
To: tqbf@enteract.com
cc: nanog@merit.edu
In-reply-to: Your message of "30 Jul 1997 00:02:07 -0000."
<19970730000207.19468.qmail@smtp.enteract.com>
Date: Tue, 29 Jul 1997 17:10:37 -0700
From: Paul A Vixie <vixie@vix.com>
> Since, as you say, this has an "operations" context (the integrity of the
> Internet domain service in realistic danger), it might be appropriate and
> appreciated for you to detail the steps you and the ISC have taken to
> resolve these problems in BIND 8.1.1.
I'm happy to help, sure.
> Does 8.1.1 validate resource records?
To the extent possible without DNSSEC, yes.
> Does it use random query IDs?
In a noncryptorandom way, yes. (With 16 bits it almost doesn't matter.)
> My understanding of Kashpureff's attack was that it was of minimal
> complexity (specifically, that he ripped off some kid's cname-bouncing
> script). I am therefore concerned at what appears to be the use of his
> apparently unsophisticated attack as a metric for the security of BIND
> 8.1.1.
I wrote <URL:ftp://ftp.vix.com/pri/vixie/bindsec.psf> in September of 1995
and presented it at the 5th Usenix Security Symposium in Salt Lake City.
No one in the security field has any right to expect any implementation of
DNS to be secure until DNSSEC is widely implemented.
I'm sorry if something I said misled you to believe otherwise.