* Posts by A Richards

1 publicly visible post • joined 9 Jul 2008

Vendors form alliance to fix DNS poisoning flaw

A Richards

These DNS bugs ignored since 2001 but fixed by some products

There has been at least one well-respected DNS implementation available since 2001 that addresses these issues, specifically djbdns.

From its blurb (http://cr.yp.to/djbdns/blurb/security.html):

- dnscache uses a cryptographic generator to select unpredictable port numbers and IDs.

- dnscache is immune to cache poisoning.

It seems that the major DNS implementations have been aware of these issues since around that time, but haven't bothered to address them until now.