Re: OFFTOPIC: DNSSEC groupthink versus improving DNS

Duane at e164 dot org <duane@e164.org> Fri, 08 August 2008 07:30 UTC

Message-ID: <489BF4C8.9000309@e164.org>
Date: Fri, 08 Aug 2008 17:24:56 +1000
From: Duane at e164 dot org <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Ralf Weber <denic@eng.colt.net>
CC: bert hubert <bert.hubert@netherlabs.nl>, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: OFFTOPIC: DNSSEC groupthink versus improving DNS
References: <489AD5E3.20708@nlnetlabs.nl> <20080807134236.GA19024@outpost.ds9a.nl> <E3BF6308-12F6-4269-B949-2853E5E8F607@eng.colt.net>
In-Reply-To: <E3BF6308-12F6-4269-B949-2853E5E8F607@eng.colt.net>

Ralf Weber wrote:

> The reason it changed is that we, or to be more precise a customer, was
> hit by cache poisoning, and I had to show up at their board and explain it
> to them.

Thanks for proving my point: people won't do anything until something
happens to them personally.

> Is there a technology that can prove that the answer I am getting from my DNS resolver is correct? 

Don't use someone else's resolver for starters, then reduce the TTL to
almost nothing, and the chance of being affected is greatly reduced. Of
course, DNSSEC won't solve this problem without critical mass either, so
even if you deploy or utilise DNSSEC you could still be affected by
cache poisoning.

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
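Ralf asks whether anything can prove that the answer a resolver hands back is correct, and Duane's reply is to run your own resolver. The piece that ties the two together is the AD (Authenticated Data) bit that a DNSSEC-validating resolver sets in its response header, which RFC 4035 says a stub may only rely on when it reaches a trusted validating resolver over a secure path. The following example is added here and is not part of either post: it parses the 12-byte DNS header and classifies a response as validated, unvalidated, SERVFAIL (what validating resolvers return for bogus data), or AD-set-but-untrusted. The sample headers are constructed inline; `validation_status` and `resolver_is_trusted` are names chosen for this example.

```python
import struct

# DNS header flag bits (RFC 1035; AD and CD added by RFC 4035).
QR, AA, TC, RD, RA, AD, CD = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010
SERVFAIL = 2  # RCODE a validating resolver returns when validation fails


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its id, flags and section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & QR), "aa": bool(flags & AA), "tc": bool(flags & TC),
        "rd": bool(flags & RD), "ra": bool(flags & RA),
        "ad": bool(flags & AD), "cd": bool(flags & CD),
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def validation_status(msg: bytes, resolver_is_trusted: bool) -> str:
    """Classify a response the way a cautious stub should.

    resolver_is_trusted is an assumption supplied by the caller: True only when
    the response came from a validating resolver you operate (or reach over a
    secure channel). An AD bit arriving over plain UDP from a third-party
    resolver is just another spoofable bit in the packet.
    """
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] == SERVFAIL:
        return "servfail"          # bogus data, or an ordinary resolver failure
    if h["ad"] and resolver_is_trusted:
        return "validated"         # DNSSEC chain checked by a resolver you trust
    if h["ad"]:
        return "ad-set-but-untrusted-path"
    return "unvalidated"           # nothing protects this answer but the TTL


def build_header(txid: int, flags: int, qd=1, an=1, ns=0, ar=0) -> bytes:
    """Assemble a header; used only to construct the sample responses below."""
    return struct.pack("!6H", txid, flags, qd, an, ns, ar)


# Constructed sample responses (header only; question/answer sections omitted).
VALIDATED_RESPONSE = build_header(0x1234, QR | RD | RA | AD)
PLAIN_RESPONSE = build_header(0x1234, QR | RD | RA)
BOGUS_RESPONSE = build_header(0x1234, QR | RD | RA | SERVFAIL)

if __name__ == "__main__":
    for name, msg in [("validated", VALIDATED_RESPONSE),
                      ("plain", PLAIN_RESPONSE),
                      ("bogus", BOGUS_RESPONSE)]:
        print(name, "own resolver:", validation_status(msg, True),
              "| third-party resolver:", validation_status(msg, False))
```

The same header from a resolver you run classifies as validated, while from someone else's resolver it only rates as "AD set on an untrusted path", which is the reasoning behind Duane's first sentence: the AD bit answers Ralf's question only when you control the validator that set it.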