"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113 Executive summary: Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ? Best, -- Olivier
Olivier, Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do. Regards, -drc On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
Thanks David, additionally to my previous message, note that some cc's have already communicated on that to their registrars or publically such as for example: http://www.cira.ca/en/media-room/news/226.html http://www.iedr.ie/NEWS/News-09Jul08.php On AFNIC side, we have communicated the same kind of things to our registrars. As ICANN has, we also have updated our internal resolvers. Kindest, --- Olivier le jeudi 10 juillet à 11 H 01 , David Conrad a ecrit :
Olivier,
Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.
Regards, -drc
On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
-- Olivier
Hi. In LAC area: .cl: http://www.nic.cl/anuncios/2008-07-10.html .mx http://www.nic.mx/es/Noticias_2?NEWS=278 Yours, Erick At 04:43 p.m. 10/07/2008, Olivier Guillard / AFNIC wrote:
Thanks David,
additionally to my previous message, note that some cc's have already communicated on that to their registrars or publically such as for example:
http://www.cira.ca/en/media-room/news/226.html http://www.iedr.ie/NEWS/News-09Jul08.php
On AFNIC side, we have communicated the same kind of things to our registrars. As ICANN has, we also have updated our internal resolvers.
Kindest,
--- Olivier
le jeudi 10 juillet à 11 H 01 , David Conrad a ecrit :
Olivier,
Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.
Regards, -drc
On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
-- Olivier
A new one: --- From: "Jay Daley" <jay@nominet ... This is what we sent. We also blogged it: http://blog.nominet.org.uk/tech/2008/07/10/critical-dns-spoofing-vulnerabili... The response has been largely silence but a few people have complained that they really disagree with us making such an announcement. One or two have welcomed it.
snip...
--- le jeudi 10 juillet à 23 H 43 , Olivier Guillard / AFNIC a ecrit :
Thanks David,
additionally to my previous message, note that some cc's have already communicated on that to their registrars or publically such as for example:
http://www.cira.ca/en/media-room/news/226.html http://www.iedr.ie/NEWS/News-09Jul08.php
On AFNIC side, we have communicated the same kind of things to our registrars. As ICANN has, we also have updated our internal resolvers.
Kindest,
--- Olivier
le jeudi 10 juillet à 11 H 01 , David Conrad a ecrit :
Olivier,
Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.
Regards, -drc
On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
-- Olivier
-- Olivier
and also : http://jprs.jp/tech/security/multiple-dns-vuln-cache-poisoning.html or : http://www.sidn.nl/ace.php/c,727,5906,,,,Ernstige_kwetsbaarheid_in_het_DNS_p... --- Olivier le jeudi 10 juillet à 23 H 43 , Olivier Guillard / AFNIC a ecrit :
Thanks David,
additionally to my previous message, note that some cc's have already communicated on that to their registrars or publically such as for example:
http://www.cira.ca/en/media-room/news/226.html http://www.iedr.ie/NEWS/News-09Jul08.php
On AFNIC side, we have communicated the same kind of things to our registrars. As ICANN has, we also have updated our internal resolvers.
Kindest,
--- Olivier
le jeudi 10 juillet à 11 H 01 , David Conrad a ecrit :
Olivier,
Speaking personally, I¹m aware that ICANN has updated our caching servers and I think it safe to say we are continuing to pursue DNSSEC signing the zones we are responsible for. To be clear, the issue discussed in the DNS vulnerability note referenced affects caching servers, not authoritative servers, so I'm not sure what more ICANN can do.
Regards, -drc
On 7/10/08 12:52 AM, "Olivier Guillard" <Olivier.Guillard@nic.fr> wrote:
"Multiple DNS implementations vulnerable to cache poisoning" http://www.kb.cert.org/vuls/id/800113
Executive summary:
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
Another perspective here: http://securosis.com/publications/DNS-Executive-Overview.pdf
I was wondering what were the operational measures taken if any, and also if there were any communication plan on that or information that would be helpfull to relay ?
Best,
-- Olivier
-- Olivier
-- Olivier
participants (4)
-
David Conrad -
Erick Iriarte Ahon - LACTLD -
Olivier Guillard / AFNIC -
Olivier.Guillard@nic.fr