From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: BIND is Crying Out for Ada95
Date: 08 Feb 2001 22:28:05 +0100
Date: 2001-02-08T22:28:05+01:00 [thread overview]
Message-ID: <87y9vg9862.fsf@deneb.enyo.de> (raw)
In-Reply-To: 3A830648.FDB619EA@home.com
"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:
> > Ada wouldn't help here. Even if your DNS name server is more reliable,
> > DNS will still be subject to all kinds of attacks, because not only
> > BIND is insecure, the DNS protocol is inadequate, too.
>
> I disagree. Its not hard find vulnerabilities like this example:
>
> Vulnerability #5: the "maxdname bug"
You should chose the TSIG bug. ;-)
Of course, there are a lot of BIND vulnerabilities which could be
avoided by using Ada. But the DNS protocol itself is vulnerable to a
wide range of attacks, and you can't solve this by implementing the
protocol in Ada (or any other programming language).
next prev parent reply other threads:[~2001-02-08 21:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-08 17:33 BIND is Crying Out for Ada95 Warren W. Gay VE3WWG
2001-02-08 20:35 ` Florian Weimer
2001-02-08 20:50 ` Warren W. Gay VE3WWG
2001-02-08 21:28 ` Florian Weimer [this message]
2001-02-09 9:16 ` Tarjei T. Jensen
2001-02-09 10:43 ` Lutz Donnerhacke
2001-02-09 11:47 ` Lutz Donnerhacke
2001-02-09 13:47 ` Tarjei T. Jensen
2001-02-09 16:04 ` Lutz Donnerhacke
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox