[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
fweimer at bfk.de
Thu Jul 10 20:24:00 UTC 2008
* Sean Donelan:
> Yep, that's why I chuckled when I saw ISC claiming DNSSEC was "the
> definitive solution."
Currently, it's the only way to secure DNS data on the wire between
two organizations who haven't set up special relationship.
>From what I see, more and more people view DNSSEC as a tool to secure
the existing DNS against on-the-wire attacks. It's no longer
something you design from scratch, to provide services rather
different from what DNS achieves now.
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the dns-operations