[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
bert hubert
bert.hubert at netherlabs.nl
Sun Jul 27 19:07:26 UTC 2008
On Sun, Jul 27, 2008 at 03:39:23PM +0000, Paul Vixie wrote:
> (as you read all this, remember that i hate the cost:benefit profile of
> UDP port randomization, but i'm going along with it because it works and
> we had nothing else ready to roll out that would also work.)
It is comments like these that make me wonder if we inhabit the same planet.
The benefit is no longer being spoofed in a few seconds.
The cost is a measly decrease in performance.
But perhaps your explanation will help me understand the attraction of
DNSSEC.
bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services