[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Patrick W. Gilmore patrick at ianai.net
Fri Jul 11 13:27:15 UTC 2008

On Jul 10, 2008, at 1:30 AM, Randy Bush wrote:

>>> http://www.icann.org/committees/security/sac004.txt
>> I don't think any sane person disagrees that BCP38 is vital.
> bcp38 is useful but not vital.  we do not suffer serious spoofing
> attacks despite years of fud about it.  and it is not really  
> critical to
> this particular vulnerability.  but it sure is religion for some  
> people.
> but you already knew i was not sane.

I know people think I am being silly these days, but I have another  
silly question: If BCP38 were implemented Internet-wide, how exactly  
would you poison a recursive name server?

And doesn't that make it critical to the question at hand?

Or are you saying that since we cannot (will not?) implement it in  
time, it really doesn't matter?


More information about the dns-operations mailing list