

To: Randy Bush <randy@psg.com>
Cc: Bill Manning <bmanning@isi.edu>, seamus@bit-net.com (Jim Bound), users@ipv6.org, dnsop@cafax.se (dns op wg), ngtrans@sunroof.eng.sun.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 18 Jan 2001 09:17:01 -0500
In-Reply-To: Randy Bush's message of "Thu, 18 Jan 2001 04:47:37 -0800"
Sender: owner-dnsop@cafax.se
Subject: Re: (ngtrans) Re: IPv6 dns


Randy Bush <randy@psg.com> writes:
> there are people who don't think it's prudent engineering to break the net
> to get people to do something.  silly things about technical and social
> responsibility now that the net has grown a bit bigger than boys and their
> toys.
> 
> of course there are folk with the opposite opinion.

It isn't obvious to some of us that the net would break. Many of us
have already deployed new record types (not just AAAA or what have
you) in our DNSes and somehow there aren't widespread reports of
random resolvers detonating when they look at our zones.

In fact, I'll note that there are a *lot* of them out there.  You
would imagine with all the mail passing through some of said zones
that such detonations would occur.  By now, I think we would have
gotten extensive field reports about trouble -- even if only in the
form of worried messages from CERT about a new evil way to attack DNS
servers.

Indeed, if you guys are right and all this crashes machines left and
right, it is a serious security hole -- one that will probably be
fixed pretty damn fast once it is discovered by The Evil People. If
you can demonstrate the problem, CERT wants to know -- now, I suspect,
before The Evil People find out.


Perry
