[11425] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 29 22:48:06 1997
To: tqbf@enteract.com
cc: nanog@merit.edu
In-reply-to: Your message of "Tue, 29 Jul 1997 21:24:04 CDT."
<199707300224.VAA01839@enteract.com>
Reply-To: perry@piermont.com
Date: Tue, 29 Jul 1997 22:30:50 -0400
From: "Perry E. Metzger" <perry@piermont.com>
"Thomas H. Ptacek" writes:
> > Paul has made it clear that there are holes in the DNS protocols that
> > cannot be fixed without DNSSEC. He isn't papering anything over -- he
>
> Thank you for clearing this up. For the record, my only intention is to
> clarify the facts surrounding the DNS security issues that have been
> popularized by the recent Alternic attacks. I think I have done this. To
> reiterate: BIND 8.1.1 is not immune to all the variants of the attack used
> by the Alternic,
No, it *is* immune to all variants on *THAT* attack. It isn't immune
to other sorts of attacks.
Perry
