[dns-operations] knot-dns

Matthew Ghali mghali at snark.net
Sun Dec 14 20:28:31 UTC 2014


How many different responses did we see to the recent recursion cve?

How does code diversity fix protocol vulns?

Matt


> On Dec 13, 2014, at 1:44 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
> 
> 
>> On 14 Dec 2014, at 4:36, Rubens Kuhl wrote:
>> 
>> What I'm curios about is how we measure code diversity among those 3 platforms; would using any 2 of the 3 be diverse enough for long-term survivability, or are they too similar in architecture ?
> 
> While it sounds good on phosphor, the concept of code diversity is so abstract, compared to the significant operational challenges and associated security challenges of operating separate systems performing the same functions (sort of), but differently, that any potential benefit is generally outweighed by the negative impact to security posture of said challenges.
> 
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> ____________________________________________




More information about the dns-operations mailing list