[dns-operations] Access to DNS-Logs

Tomas L. Byrnes tomb at byrneit.net
Wed Jul 15 15:36:45 UTC 2009

>-----Original Message-----
>From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-
>bounces at lists.dns-oarc.net] On Behalf Of Stephane Bortzmeyer
>Sent: Wednesday, July 15, 2009 12:09 AM
>To: Enno Lenze
>Cc: dns-operations at mail.dns-oarc.net
>Subject: Re: [dns-operations] Access to DNS-Logs
>On Tue, Jul 14, 2009 at 04:36:34PM -0500,
> John Kristoff <jtk at cymru.com> wrote
> a message of 28 lines which said:
>> The name server process presumably has also gone through the trouble
>> of ensuring what is logged is well formed, otherwise it'll log an
>> error.  Unless you have a good library, you have to interpret and
>> rebuild much of this from a pcap,
>And, if you program in C, you have a lot of security risks, for
>instance with buffer overflows. In the wild, many packets are badly
>formed, either by error or by malice (for instance, DNS packets with a
>compression pointer going outside of the packet). See the list of
>security bugs of Wireshark to get an idea. You really need to program
>in paranoid mode.
Hey, it's not just c that is a source of bugs. In many cases, those
libraries your OOPL uses are the cause.

"Before C++ we had to code all of our bugs by hand; now we inherit
them.", Unknown

More information about the dns-operations mailing list