[11409] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Thomas H. Ptacek)
Tue Jul 29 21:12:25 1997
From: "Thomas H. Ptacek" <tqbf@enteract.com>
To: vixie@vix.com (Paul A Vixie)
Date: Tue, 29 Jul 1997 19:49:43 -0500 (CDT)
Cc: tqbf@enteract.com, nanog@merit.edu
Reply-To: tqbf@enteract.com
In-Reply-To: <199707300010.RAA20510@wisdom.rc.vix.com> from "Paul A Vixie" at Jul 29, 97 05:10:37 pm
> Noone in the security field has any right to expect any implementation of
> DNS to be secure until DNSSEC is widely implemented.
> I'm sorry if something I said misled you to believe otherwise.
So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
ask because you specifically stated that it was. Sorry to nag, I'd just
like to see this clarified to the operations community.
Again, thanks for your time and patience!
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"
