[170870] in North American Network Operators' Group
Re: DNSSEC?
daemon@ATHENA.MIT.EDU (Doug Barton)
Fri Apr 11 14:45:07 2014
Date: Fri, 11 Apr 2014 11:44:45 -0700
From: Doug Barton <dougb@dougbarton.us>
To: Barry Shein <bzs@world.std.com>, nanog@nanog.org
In-Reply-To: <201404111835.s3BIZcqQ003034@world.std.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/11/2014 11:35 AM, Barry Shein wrote:
> So, DNSSEC is also compromised by this heartbleed bug, right?
There is nothing in the DNSSEC protocol that requires the Heartbeat
functionality. However whether a specific implementation of DNS software
is vulnerable or not depends on how it's compiled. I would expect that
most would not be. ISC for example just released a statement that BIND
is not:
https://lists.isc.org/pipermail/bind-users/2014-April/092944.html
hth,
Doug
