[dns-operations] summary of recent vulnerabilities in DNS security.

Paul Vixie paul at redbarn.org
Mon Oct 21 04:52:23 UTC 2013

Vernon Schryver wrote:
> ...  I think [Haya Shulman's] work shows that port randomization is like RRL, a lame kludge of a mess that is better than nothing but not even a distant second choice to actually fixing the problem.

yea, verily.

> ...
> P.S. I'm licensed by http://ss.vix.su/~vixie/isc-tn-2012-1.txt and 
> http://ss.vix.su/~vjs/rrlrpz.html to criticize RRL.

yea, verily.

> P.P.S. I've often heard Paul say much the same thing about RRL being a bad idea except compared the alternative of ignoring the consequences of everyone else's failure to deploy BCP 38.

yea, verily.


More information about the dns-operations mailing list