[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Florian Weimer fweimer at bfk.de
Thu Jul 10 20:24:00 UTC 2008

* Sean Donelan:

> Yep, that's why I chuckled when I saw ISC claiming DNSSEC was "the
> definitive solution."

Currently, it's the only way to secure DNS data on the wire between
two organizations who haven't set up special relationship.

>From what I see, more and more people view DNSSEC as a tool to secure
the existing DNS against on-the-wire attacks.  It's no longer
something you design from scratch, to provide services rather
different from what DNS achieves now.

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the dns-operations mailing list