[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

bert hubert bert.hubert at netherlabs.nl
Sun Jul 27 19:07:26 UTC 2008

On Sun, Jul 27, 2008 at 03:39:23PM +0000, Paul Vixie wrote:
> (as you read all this, remember that i hate the cost:benefit profile of
> UDP port randomization, but i'm going along with it because it works and
> we had nothing else ready to roll out that would also work.)

It is comments like these that make me wonder if we inhabit the same planet.

The benefit is not longer being spoofed in a few seconds.

The cost is a measly decrease in performance.

But perhaps your explanation will help me understand the attraction of


http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the dns-operations mailing list