5 Aug
2009
5 Aug
'09
10:18 a.m.
In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:
There is NO fix. There never will be as the problem is architectural to the most fundamental operation of DNS. Other than replacing DNS (not feasible), the only way to prevent this form of attack is DNSSEC. The "fix" only makes it much harder to exploit.
I don't understand why replacing DNS is "not feasible". -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/