drc at virtualized.org
Sun Dec 14 22:52:05 UTC 2014
On Dec 14, 2014, at 12:28 PM, Matthew Ghali <mghali at snark.net> wrote:
> How many different responses did we see to the recent recursion cve?
What I've seen so far:
- BIND 9, Unbound, PowerDNS Recursor
- Nominum, dnsmasq, djbdns, BIND 8
Haven't heard about Microsoft's recursor yet.
> How does code diversity fix protocol vulns?
Because different people implement the protocol differently (as evidenced by the above)?
Of course, one might argue that the fact that there were different behaviors might suggest a bug in the protocol specification, but that doesn't argue against code diversity. Code diversity is to help mitigate implementation bugs.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the dns-operations