http://127.0.0.1:8080/blog/taxonomy/term/940/0 en http://127.0.0.1:8080/blog/node/681 <p>A lot of discussion is going on around yesterday major DNS upgrade push<br /> Is it needed, is it overkill, are we fixing a new hot flaw or just reiterating over a <a href="http://www.ietf.org/rfc/rfc3833.txt" rel="nofollow">4 year old RFC</a></p> <p>Yes Dan from DJB DNS already told us <a href="http://cr.yp.to/djbdns/forgery-cost.txt" rel="nofollow">ages ago</a> .. but Dan isn't the most loved person on the planet. Now as long as he doesn't head in the direction of that other unpopular filesystem guy :)</p> <p>Anyhow .. CVS information is <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447" rel="nofollow">here</a> and you can read up on some more background <a href="http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/" rel="nofollow">at Securosis</a></p> <p>Add to that the fresh release of <a href="http://ostatic.com/162565-blog/unbound-wants-to-challenge-the-dns-monoculture" rel="nofollow">Unbound</a> and security is back in style just like <a href="http://rationalsecurity.typepad.com/" rel="nofollow">Chris Hoff</a> said during the <a href="http://virtualization.com/interviews-interview-talk/2008/06/11/quotes-from-our-upcoming-story-on-virtsec/" rel="nofollow">VirtSec</a> debate :</p> <p>“To me, security is like bell bottoms, every 10-15 years or so, it comes back into style.”</p> http://127.0.0.1:8080/blog/node/681#comments djbdns dns security unbound Thu, 10 Jul 2008 18:48:11 +0000 Kris Buytaert 681 at http://127.0.0.1:8080/blog