North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
On Thu, Jul 24, 2008 at 1:14 PM, Paul Vixie <vixie@xxxxxxx> wrote: > in spite of that caution i am telling you all, patch, and patch now. if you > have firewall or NAT configs that prevent it, then redo your topology -- NOW. > and make sure your NAT isn't derandomizing your port numbers on the way out. > > and if you have time after that, write a letter to your congressman about the > importance of DNSSEC, which sucks green weenies, and is a decade late, and > which has no business model, but which the internet absolutely dearly needs. So is this patch a "true" fix or just a temporary fix until further work can be done on the problem? I listened to Dan's initial presentation and I've read a lot of speculation since then. I've also taken a look at the various blog entries that detail the problem. I believe I understand what the issue is and I can see how additional randomization helps. But it that truly an end-all fix, or is this just the initial cry to stop short-term hijacking? -- Jason 'XenoPhage' Frisvold XenoPhage0@xxxxxxxxx http://blog.godshell.com