[dns-operations] summary of recent vulnerabilities in DNS security.

Haya Shulman haya.shulman at gmail.com
Sat Oct 19 15:34:25 UTC 2013


You are absolutely right, thanks for pointing this out.
DNSSEC is the best solution to these (and other) vulnerabilities and
efforts should be focused on its (correct) adoption (see challenges here:
http://eprint.iacr.org/2013/254).
However, since partial DNSSEC deployment may introduce new vulnerabilities,
e.g., fragmentation-based attacks, the recommendations, that I wrote in an
earlier email, can be adopted in the short term to prevent attacks till
DNSSEC is fully deployed.


On Sat, Oct 19, 2013 at 5:53 PM, P Vixie <paul at redbarn.org> wrote:

> M. Shulman, your summary does not list dnssec as a solution to any of
> these vulnerabilities, can you explain why not? Vixie
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.




-- 

Haya Shulman

Technische Universität Darmstadt****

FB Informatik/EC SPRIDE****

Morewegstr. 30****

64293 Darmstadt****

Tel. +49 6151 16-75540****

www.ec-spride.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131019/b6a74ea8/attachment.html>


More information about the dns-operations mailing list