North American Network Operators Group
Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED
- From: Gadi Evron
- Date: Thu Jul 24 21:07:18 2008
On Thu, 24 Jul 2008, Steve Bertrand wrote:
Gadi Evron wrote:
On Thu, 24 Jul 2008, Martin Hannigan wrote:
I personally know several folks from within and wayyy from outside the
world who discovered this very out there and obvious issue and worked
to try and contact the operators. Those that haven't fixed it yet,
won't if all things remain even.
I don't know that a failure to act immediately is indicative of ignoring
the problem. Not to defend AT&T or any other provider, but it's not as
simple as rolling out a patch.
Marty, are we talking of the same problem? I am talking about recursion
enabled in bind?
I'm confused by the last sentence. I don't understand if you are asking a
question, or stating that recursion should be disabled.
If it is a statement, then you must mean that ops should disable recursion,
and enable forwarding for name resolution, correct? In this case, it's been
proven that having an upstream forward that is 'broken' will have the exact
same effect as having a broken recursive server.
My apologies if I've misunderstood your comment.
We are talking about ccTLD NS.