[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Sean Donelan sean at donelan.com
Thu Jul 10 07:14:39 UTC 2008

On Thu, 10 Jul 2008, Randy Bush wrote:
>>> http://www.icann.org/committees/security/sac004.txt
>> I don't think any sane person disagrees that BCP38 is vital.
> bcp38 is useful but not vital.  we do not suffer serious spoofing
> attacks despite years of fud about it.  and it is not really critical to
> this particular vulnerability.  but it sure is religion for some people.

Is the level of DNS cache poisoning and IP packet spoofing attacks in the 
wild similar?

Despite the fud about it, if there aren't serious DNS poisoning attacks 
will it still be considered critical?  Or will it just be one
more thing people don't care about? Heck, people are willing to 
point-click-change their DNS client settings to point to various 
untrustworthy name servers without needing to go through the trouble of
cache poisoning.

Of course, many hosts learn which DNS servers to use with insecure

More information about the dns-operations mailing list