[11426] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Paul A Vixie)
Tue Jul 29 22:48:43 1997
To: nanog@merit.edu
In-reply-to: Your message of "Tue, 29 Jul 1997 21:24:04 CDT."
<199707300224.VAA01839@enteract.com>
Date: Tue, 29 Jul 1997 19:30:04 -0700
From: Paul A Vixie <vixie@vix.com>
> To reiterate: BIND 8.1.1 is not immune to all the variants of the attack
> used by the Alternic,
False. The attacks which remain are not variants of the bug exploited by
AlterNIC, which was a program bug rather than a protocol misfeature.
> and there are very real security problems that remain
> (and will continue to remain) until the implementation of DNSSEC
> (according to Mr. Vixie).
True.
> As this thread is now rapidly losing it's operations context (as well as
> it's informative value), I'd suggest we now move towards killing it.
As soon as messages containing misstatements like the one above stop
appearing, I for one will be happy to return to lurk status.
