On Mon, Aug 18, 2008 at 12:02 PM, Paul Hoffman <[EMAIL PROTECTED]>wrote:
> At 1:27 PM +0100 8/18/08, Jim Reid wrote: > >> The fact is DNSSEC is the *only* game in town for preventing cache >> poisoning. >> > > Note the subject of this particular thread. A more carefully-worded > sentence would be "The fact is DNSSEC is the *only* game in town for > completely preventing cache poisoning." We have methods to reduce an > attacker's ability to poison caches effectively. No it is not so little grasshopper. The best way to secure DNS recursive servers is to integrate a smart IDS and firewall solution. Commerce needs solutions - not more patches to patch the patches that should have been patched years ago. cheers joe baptista -- Joe Baptista www.publicroot.org PublicRoot Consortium ---------------------------------------------------------------- The future of the Internet is Open, Transparent, Inclusive, Representative & Accountable to the Internet community @large. ---------------------------------------------------------------- Office: +1 (360) 526-6077 (extension 052) Fax: +1 (509) 479-0084
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
