'Re: how to protect name servers against cache corruption'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: how to protect name servers against cache corruption
From:       Francois Beauregard <FBorg () fbli ! com>
Date:       1997-08-02 0:49:50
[Download RAW message or body]

Another thing people tend to forget is the legacy systems that still need
to be maintained...  It's extremely easy to say "let's scrap BIND and build
a better DNS system", but hey guys, you still need to support ALL PLATFORMs...

Until you find me the GOD that will do this all in one shot, I'll prefer to
go with Vixie's code... he got pretty good at it over time :-)

And I think that Paul can confirm that like everybody else, he only have 24
hours in a day and only one head and one set of arms...  Considering that,
he is doing a VERY good job, give him some time and he will come up with
the solution to those security issue, no one better then him knows the
holes in the code/system...

So unless there is some specific attacks GOING ON CURRENTLY on the net, can
we get back to the main topic of discussion...

At 16:09 97-08-01 -0700, Dave Crocker wrote:
>Ben,
>
>At 10:30 PM 7/29/97 -0400, Ben Black wrote:
>>so a statement from paul that the internet is effectively broken until 
>>DNSSEC is acceptable to you even if there are known ways to combat known 
>>attacks?
>>
>>stop worshipping long enough to think about the ramifications of this.
>
>	Reponsible participation in public discussion is a difficult challenge for
>even the most capable contributor.  For others, the challenge is quite
>basic.  They must listen carefully.  They must consider carefully.  They
>must stay on the topic.  They must use professional language and avoid ad
>hominem distractions.
>
>	The fact that the security on your house is not optimal, it does not mean
>that your house has no security.  The fact that there are attacks which are
>still feasible on the DNS does not mean that the DNS doesn't work.
>("Broken" means doesn't work, in case there is confusion about your use of
>language.)
>
>	So please note that your response to this thread reduce it to an
>inaccurate assessment.  Given the importance of the DNS and the difficulty
>which the general public has dealing with network security issues, it would
>be highly irresponsible to propagate inaccurate statements like the one
above.
>
>d/
>--------------------
>Dave Crocker
>Internet Mail Consortium                               +1 408 246 8253
>675 Spruce Dr.                                    fax: +1 408 249 6205
>Sunnyvale, CA 94086 USA              info@imc.org , http://www.imc.org


Sincerely

----------------------------------
Francois Beauregard
FBorg@fbli.com
FBLI.COM
We love feedbacks and live by them

Sales        : Sales@fbli.com		1 (888) FBLI.COM
Tech support : Support@fbli.com		1 (514) 349-0455
Internet Web : http://www.fbli.com
ICQ          : 1907537

Montreal, Canada
----------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic