[dns-operations] Clueless Major Backbone Provider

Paul Vixie vixie at isc.org
Tue Jul 22 19:18:14 UTC 2008

> Questions:
>    1) How would you address the claims that this vulnerability is the
> same as the one from a year ago? (2nd paragraph)

give them my phone number and tell them i need to talk to them ASAP.

Name:       Vixie, Paul
Handle:     PV15-ARIN
Company:    Internet Systems Consortium, Inc.
Address:    950 Charter Street
City:       Redwood City
StateProv:  CA
PostalCode: 94063
Country:    US
Updated:    2004-01-06
Phone:      +1-650-423-1300  (Office)
Phone:      +1-650-423-1305  (Fax)
Email:      vixie at isc.org

>    2) Does the use of load balancers decrease the risk as claimed?
> (paragraph 4)

it would reduce the risk if this was the same attack as before, as they
are claiming.  it might also do so if it's not the same attack as before,
but until august 6, noone who knows that answer can speak it in public.

> Comment:
>    Note in paragraph 3 the vendor says it does not disclose which name
> servers that it uses, but in paragraph 2 gives a link that references
> BIND name servers.

i trust that everyone by now knows that this is a DNS problem not a BIND
problem per se, and that BIND was only one of several affected vendors.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the dns-operations mailing list