Olivier,

Speaking personally, I'm aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.

Regards,
-drc

On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what operational measures were taken, if any, and also whether there was any communication plan on that or information that would be helpful to relay?
Best,
-- Olivier