Sorry for the strong words, but the ISC is fucked up, apparently. But I
should have guessed that when I first (tried to) read the later versions
of bind source (with apologies to Bill Norton the original project
manager for that development). I just had to be slapped in the face with
it

When I first saw this, I thought the same as most others. However,
it's possible that this approach may have merit. If I found a hole
and could update the root servers before disclosure, I'd certainly
do it.
The more people you can inform without tipping off the black hats,
the better. I guess

Someone, please, tell me there is another alternative - because with
the direction it's headed now, the Internet based on bind isn't looking
like it's going to be a very good, reliable, or secure network.
regrets,
--dr

We've all managed to survive using BIND for the past x years - I

"Dragos" == Dragos Ruiu [EMAIL PROTECTED] writes:
Dragos Not only is it NOT solid according to past record

So I suppose the 10-12,000 DNS queries that get answered every second
by a.root-servers.net or the ~5,000/second that f.root-servers.net
answers are handled by something that

The recent vulnerabilities in BIND must have overlooked one
flaw amongst that extensive list that makes every version deployed on
the planet vulnerable, the flaw that makes the ISC bind oversight committee
crash, coredump and lose its mind with this new, for-pay, "leet" bind
vulnerability list.