Archief - De topics van lang geleden

Veri$ign doet DNS geweld aan.

16-09-2003, 11:55 door Anoniem, 3 reacties
Een week geleden eerst dit bericht:
http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b

En nu is het dan zover; *.com en *.net resolven nu naar 64.94.110.X, ze vangen errors af, en breken daarmee de DNS standaard.

http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126

Als dat niet security-related is..


--
Ondertussen begint het te dagen:)

http://www.theregister.co.uk/content/6/32852.html
--

--
Behalve bij http://security.nl.copy-and-paste-aapje.com/ lijkt wel.
--

Host name: copy-and-paste-aapje.com
IP address: 64.94.110.11
Alias(es): None

Ding! Ding!
Reacties (3)
17-09-2003, 12:33 door Anoniem
http://www.wired.com/news/technology/0,1282,60473,00.html

http://www.isc.org/products/BIND/delegation-only.html
19-09-2003, 17:52 door Anoniem
Originally posted by GeneralFailure
http://www.wired.com/news/technology/0,1282,60473,00.html

http://www.isc.org/products/BIND/delegation-only.html

hahahaha...ik kom niet meer bij....

sinds 1990 is BIND al aan het patchen...hahahaha..

Lijkt MS wel...laat staan Sendmail..hahahaha
23-09-2003, 13:54 door Anoniem
http://www.icann.org/correspondence/secsac-to-board-22sep03.htm


OPINIONS

VeriSign's change appears to have considerably weakened the stability of the Internet, introduced ambiguous and inaccurate responses in the DNS, and has caused an escalating chain reaction of measures and countermeasures that contribute to further instability.

VeriSign's change has substantially interfered with some number of existing services which depend on the accurate, stable, and reliable operation of the domain name system.

* Many email configuration errors or temporary outages which were benign have become fatal now that the wildcards exist.
* Anti-spam services relied on the RCODE 3 response to identify forged email originators.
* In some environments the DNS is one of a sequence of lookup services. If one service fails the lookup application moves to the next service in search of the desired information. With this change the DNS lookup never fails and the desired information is never found.

VeriSign's action has resulted in a wide variety of responses from ISPs, software vendors, and other interested parties, all intended to mitigate the effects of the change. The end result of such a series of changes and counterchanges adds complexity and reduces stability in the overall domain name system and the applications that use it. This sequence leads in exactly the wrong direction. Whenever possible, a system should be kept simple and easy to understand, with its architectural layers cleanly separated.

We note that some networks and applications were performing similar services prior to VeriSign's change. In fact, some user applications and services worked differently depending on the network the user was using. However, VeriSign's change pushes this service to a much lower layer in the protocol stack and a much deeper place in the Internet's global infrastructure, which prevents the user from choosing what services to use and how to proceed when a query is made to a non-existent domain.


P.S.
<sillybugger>

hahahaha...ik kom niet meer bij....

sinds 1990 is BIND al aan het patchen...hahahaha..

Lijkt MS wel...laat staan Sendmail..hahahaha

Dan heb je duidelijk niet door waar deze patch toe dient.
</sillybugger>
Reageren

Deze posting is gelocked. Reageren is niet meer mogelijk.

Zoeken
search