[170875] in North American Network Operators' Group
Re: DNSSEC?
daemon@ATHENA.MIT.EDU (Barry Shein)
Fri Apr 11 15:33:38 2014
From: Barry Shein <bzs@world.std.com>
Date: Fri, 11 Apr 2014 15:27:43 -0400
To: Doug Barton <dougb@dougbarton.us>
In-Reply-To: <5348381D.2050705@dougbarton.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On April 11, 2014 at 11:44 dougb@dougbarton.us (Doug Barton) wrote:
> On 04/11/2014 11:35 AM, Barry Shein wrote:
> > So, DNSSEC is also compromised by this heartbleed bug, right?
>
> There is nothing in the DNSSEC protocol that requires the Heartbeat
> functionality. However whether a specific implementation of DNS software
> is vulnerable or not depends on how it's compiled. I would expect that
> most would not be. ISC for example just released a statement that BIND
> is not:
>
> https://lists.isc.org/pipermail/bind-users/2014-April/092944.html
Cool, good news.
--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
