Thanks David, additionally to my previous message, note that some cc's have already communicated on that to their registrars or publically such as for example: http://www.cira.ca/en/media-room/news/226.html http://www.iedr.ie/NEWS/News-09Jul08.php On AFNIC side, we have communicated the same kind of things to our registrars. As ICANN has, we also have updated our internal resolvers. Kindest, --- Olivier le jeudi 10 juillet à 11 H 01 , David Conrad a ecrit :
Olivier,
Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.
Regards, -drc
On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
-- Olivier