Kaminsky finds DNS exploit
Steven M. Bellovin
smb at cs.columbia.edu
Mon Jul 14 10:52:42 EDT 2008
On Mon, 14 Jul 2008 16:27:58 +0200
Florian Weimer <fw at deneb.enyo.de> wrote:
> On top of that, some operators decided not to offer TCP service at
> all.
Right. There's a common misconception, on both security and network
operator mailing lists, that DNS servers use TCP only for zone
transfers, and that all such connection requests should be blocked.
See, for example, the NANOG thread starting at
http://mailman.nanog.org/pipermail/nanog/2008-June/001240.html
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list