Dear Friends, There is potentially a huge DNS problem that is about to hit the internet on a scale comparable with spam e-mail.
It can be solved by patching the DNS resolver you use but: - the DNS resolver of your home router is impossible to patch - the DNS servers of Indian ISP's have currently not been patched Thus the problem affects *all* users who use the 'net from home. Note that running your own caching name servers may not help if your home router is an appliance style NAT firewall between your name server and the net. That device may effectively be de-randomising your DNS lookup requests. Please check your DNS service via www.doxpara.com (which is Dan Kaminsky's web site) and if your ISP is at fault --- bug them! Another step which is currently expensive may be to buy a home router that runs GNU/Linux. You can then patch to get 2.6.24 kernel which randomises ports while doing NAT. A cheaper solution for both problems is for all users to switch their home computers/routers to use a safer DNS service. One such service is www.opendns.com. If people know of other such services, they should let their friends know. The problem with some of these services is that when the name lookup fails they re-direct the lookup to their own sites "for advertising". To mitigate this we could offer our own name servers for recursive lookup instead of www.opendns.com and the like. The problem would be how we could keep the load at reasonable levels. We could use traffic shaping to limit the use of bandwidth for this to reasonable levels. Suggestions welcome. Regards, Kapil. --
signature.asc
Description: Digital signature
_______________________________________________ To unsubscribe, email [EMAIL PROTECTED] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
