[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
- Subject: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
- From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com)
- Date: Sat, 26 Jul 2008 21:16:10 +0000
- In-reply-to: <[email protected]>
- References: <[email protected]> <[email protected]>
On Sat, Jul 26, 2008 at 03:05:18PM -0500, Joe Greco wrote:
> > what i do not understand is why people think screaming to the choir will
> > make any significant difference?
>
> And Paul's absolutely correct, this is not something where we can afford to
> let that happen.
Paul is correct if you work from his point of view. there
are other pov where the frantic energy expenditure might be
better spent. If you -must- patch, try patching w/ code that
is -not- vulnerable... unbound has been reported as being "safe"
if properly configured. So that was my patch profile.
actually, i think this is a whole lot of effort for what is
essentually a diversion tactic. Why you ask?
> And patching does not appear to guarantee invulnerability (eek!)
there you go. the massive effort to patch would likley have
better been spent to actually -sign- the stupid zones and
work out key distribution. but no... running around like
the proverbial headless chicken seems to get the PR.
The real value in this frantic exercise was pointed out by Roy
Arends... the number of folks who now have (possibly) DNSSEC aware
code in play is much higher than last month.
> The Really Scary Possibilities (at least the one that really frightens me)
> Have Not Been Discussed On This List.
true enough. and that is a good thing.
> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
--bill