[IP] more on Big holes in net's heart revealed

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on Big holes in net's heart revealed
From: David Farber <dave@xxxxxxxxxx>
Date: Mon, 1 May 2006 07:21:50 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <200605011017.k41AHlpK002555@xxxxxxxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx

Begin forwarded message:

From: Jaap Akkerhuis <jaap@xxxxxxxxxxxx>
Date: May 1, 2006 6:17:47 AM EDT
To: Carl Malamud <carl@xxxxxxxxx>
Cc: dave@xxxxxxxxxx
Subject: Re: [IP] Big holes in net's heart revealed

Being in the talk I might to comment that it was all more a sales talk
for a Distributed Hash Table based alternative (which has it's own
problems). There was a lot of FUD presented.

Hi Dave -

Here is their paper in case anybody wants to read the details:

http://www.cs.cornell.edu/People/egs/papers/dnssurvey.pdf

A simple takeaway ... upgrade your nameserver.  There is no excuse
to be running 5-year old versions of software on a machine that
provides critical infrastructure.

Carl

Something "well known" but not advertised till now. djf


It is advertised all the time in various place. Warnings about
outdated software gets ignored all the time. Surveys have been done
showing how many broken servers are still in production, but nobody
seems to listen, especially people running those servers.

To Quote Mans Nilsson from the RIPE dns-wg mailing list:

"Yes, we know. Emin's work points out some of the far-goneconsequences

     of not paying attention. We are, however pretty convinced that:

     1. The mentioned examples are extremes. Most of the namespace is
        in considerably better order.
     2. DNS has historically been a neglected part of the quality

control most web site operators perform. It simply is soredundant

        and ubiquitous that it not is seen as a critical part.
     3. The ultimate fix for this is DNSSEC."

Emin said that DNSSEC wouldn't help.

And there are of course different styles of what is correct. The
zone farber.net has small problems depending who you ask
(http://www.zonecheck.fr/demo/ or http://dnsreport.com/). None of
these test tell you that the servers for this domain can be abused
for a dns amplification attacks (recursion enabled).

        jaap




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] At Wellesley, arrest over chalk writing leaves a mark
Next by Date: [IP] political citizen journalism in singapore
Previous by thread: [IP] At Wellesley, arrest over chalk writing leaves a mark
Next by thread: [IP] political citizen journalism in singapore
Index(es):
- Date
- Thread