From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,3339c21cad84e30c
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2001-02-08 13:21:57 PST
Path: 
 supernews.google.com!sn-xit-02!supernews.com!news.tele.dk!193.174.75.178!news-fra1.dfn.de!news-lei1.dfn.de!news-nue1.dfn.de!news-han1.dfn.de!news.fh-hannover.de!news.cid.net!news.enyo.de!news1.enyo.de!not-for-mail
From: Florian Weimer <fw@deneb.enyo.de>
Newsgroups: comp.lang.ada
Subject: Re: BIND is Crying Out for Ada95
Date: 08 Feb 2001 22:28:05 +0100
Organization: Enyo's not your organization
Message-ID: <87y9vg9862.fsf@deneb.enyo.de>
References: <3A82D822.E93A2152@home.com> <87u264ap6p.fsf@deneb.enyo.de>
 <3A830648.FDB619EA@home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Xref: supernews.google.com comp.lang.ada:5028
Date: 2001-02-08T22:28:05+01:00
List-Id: <comp.lang.ada>

"Warren W. Gay VE3WWG" <ve3wwg@home.com> writes:

> > Ada wouldn't help here. Even if your DNS name server is more reliable,
> > DNS will still be subject to all kinds of attacks, because not only
> > BIND is insecure, the DNS protocol is inadequate, too.
> 
> I disagree. Its not hard find vulnerabilities like this example:
> 
> Vulnerability #5: the "maxdname bug"

You should chose the TSIG bug. ;-)

Of course, there are a lot of BIND vulnerabilities which could be
avoided by using Ada.  But the DNS protocol itself is vulnerable to a
wide range of attacks, and you can't solve this by implementing the
protocol in Ada (or any other programming language).