[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Randy Bush randy at psg.com
Thu Jul 10 07:40:33 UTC 2008

> all of the attacks described or mitigated by 
> http://www.ietf.org/internet-drafts/draft-ietf-dnsext-forgery-resilience-05.txt
> rely on spoofing the IP source address.  i would go as far as to say that if
> BCP38 were universally implemented, there would be no forgery-resilience draft
> and no CERT VU#800113 and no need for udp source port randomization nor for
> http://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00.

if it prevents ietf draft attacks, then i am massively for it :)


More information about the dns-operations mailing list