[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

bert hubert bert.hubert at netherlabs.nl
Thu Jul 10 21:57:20 UTC 2008

On Thu, Jul 10, 2008 at 05:21:59AM +0000, Paul Vixie wrote:
> > But I still reserve the right to give you a gigantic raspberry if the  
> > "exploit" turns out to be something every single person on this list  
> > realized before we finished reading the advisory (and many of us  
> > though of years earlier but were too lazy to do anything about it).
> tell you what, put your ideas in an envelope, signed and dated, and
> mail it (postal system) to a neutral third party, to be opened august
> 7.  if you had it, i will publically congrat you, and buy you a beer.

Patrick, I'll get you one too. The stuff that has been discovered is
non-trivial and stunning. It took several attempts for me to 'get' it, and
I've been writing nameservers for a decade now.

I bet that people will claim 'with hindsight' that they saw this exact
problem coming. That is where the envelope comes in!


http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the dns-operations mailing list