BIND 9.3.5-P1 random UDP src ports: some DNS responses delivered to wrong process
Florian Weimer
fw at deneb.enyo.de
Fri Jul 11 21:13:16 UTC 2008
* Alan Clegg:
>>> This can all be avoided if everyone signs their zones.
>>>
>>> http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
>>
>> I think part of our problem is that a presentation titled "DNSSEC in 6
>> minutes" consists of 77 slides. 8-)
>
> A previous posting of mine:
>
> As the author of the paper, the result is YOU being able to deploy a
> DNSSEC signed zone within 6 minutes. No, you can't learn to do it in 6
> minutes, but once you understand the process (and it's not really
> difficult), you can easily go from unsigned (no keys, etc) to fully
> signed within 6 minutes per zone (and that's doing it by hand!)

It's still far too involved when "auto-sign yes;" could theoretically do
it (plus some tool to extract the data to be submitted upstream). I
hope something like this is in the pipeline. Most people don't need
offline keys, I think.