"Refuses to patch" sounds likes FUD.
go ask 'em, and let us all know what they say. kaminsky tried to get everybody a month, but because of ptacek's sloppiness it ended up being 13 days. if any dns engineer at any internet carrier goes home to sleep or see their families before they patch, then they're insane. yes, i know the dangers of rolling patches out too quickly. better than most folks, since i've been on the sending side of patches that caused problems, and i've learned caution from the pain i've inadvertantly caused in that way. in spite of that caution i am telling you all, patch, and patch now. if you have firewall or NAT configs that prevent it, then redo your topology -- NOW. and make sure your NAT isn't derandomizing your port numbers on the way out. and if you have time after that, write a letter to your congressman about the importance of DNSSEC, which sucks green weenies, and is a decade late, and which has no business model, but which the internet absolutely dearly needs. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.