code, musings and more tag:blog.netherlabs.nl,2005:Typo Typo 2009-01-27T23:13:15+01:00 bert hubert bert.hubert@netherlabs.nl urn:uuid:212b8f56-4bb7-4d8a-b0f9-dc488076e04e 2009-01-27T22:56:00+01:00 2009-01-27T23:13:15+01:00

<p>Hi everybody!</p> <p>What a day! Remco van Mook and I received a message today that our <a href="http://blog.netherlabs.nl/articles/2006/05/09/i-bit-the-bullet-and-wrote-an-rfc-to-be">RFC Draft</a> (full text <a href="http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-10">here</a>) has entered the &#8216;AUTH48&#8217; stage. This means that it has been assigned a number (RFC 5452!), and that barring meteor strikes or similar things, we are now finally done. Yay!</p> <p>We spent 2 years and 9 months on this. It felt like even more. I&#8217;ve been told the draft has already made a difference in some places - from now on, DNS implementations that have certain bad spoofing behaviour <code>MUST</code> clean up their act :-)</p> <p>In short, had this RFC been followed, the whole Kaminsky DNS scare could have been prevented. Do note that the draft is 2 years older than Kaminksy&#8217;s discovery. The DNS community should have listened to Dan Bernstein *10* years ago.</p> <p>Some more thoughts on this subject can be found <a href="http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability">here</a>. I&#8217;m slightly bitter.</p> <p>As if the RFC weren&#8217;t enough excitement for one day, I also released PowerDNS Authoritative Server 2.9.22, the first release of the authoritative server in almost 20 months. Because of this long delay, a lot of effort was spent field testing this release before it &#8216;went gold&#8217; (to use an expression I really despise).</p> <p>I sincerely hope we shook out most of the bugs. The PowerDNS community really delivered, and many of our enthusiastic users deployed pre-release code on their significant installations, to make sure everybody else would be able to upgrade with confidence.</p> <p>Read the whole store <a href="http://doc.powerdns.com/changelog.html#CHANGELOG-AUTH-2-9-22">here</a>.</p>

<p>Hi everybody!</p> <p>What a day! Remco van Mook and I received a message today that our <a href="http://blog.netherlabs.nl/articles/2006/05/09/i-bit-the-bullet-and-wrote-an-rfc-to-be">RFC Draft</a> (full text <a href="http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-10">here</a>) has entered the &#8216;AUTH48&#8217; stage. This means that it has been assigned a number (RFC 5452!), and that barring meteor strikes or similar things, we are now finally done. Yay!</p> <p>We spent 2 years and 9 months on this. It felt like even more. I&#8217;ve been told the draft has already made a difference in some places - from now on, DNS implementations that have certain bad spoofing behaviour <code>MUST</code> clean up their act :-)</p> <p>In short, had this RFC been followed, the whole Kaminsky DNS scare could have been prevented. Do note that the draft is 2 years older than Kaminksy&#8217;s discovery. The DNS community should have listened to Dan Bernstein *10* years ago.</p> <p>Some more thoughts on this subject can be found <a href="http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability">here</a>. I&#8217;m slightly bitter.</p> <p>As if the RFC weren&#8217;t enough excitement for one day, I also released PowerDNS Authoritative Server 2.9.22, the first release of the authoritative server in almost 20 months. Because of this long delay, a lot of effort was spent field testing this release before it &#8216;went gold&#8217; (to use an expression I really despise).</p> <p>I sincerely hope we shook out most of the bugs. The PowerDNS community really delivered, and many of our enthusiastic users deployed pre-release code on their significant installations, to make sure everybody else would be able to upgrade with confidence.</p> <p>Read the whole store <a href="http://doc.powerdns.com/changelog.html#CHANGELOG-AUTH-2-9-22">here</a>.</p> Lennie urn:uuid:1c0390e8-a538-42ee-89bf-9359ceb0d9c8 2009-02-08T16:32:12+01:00 2009-02-08T16:32:12+01:00 sorry, that was a typo, it's: <a href="http://www.EDNS-ping.org" rel="nofollow">www.EDNS-ping.org</a> Lennie urn:uuid:f1396313-9735-4ac3-ba24-6876a114c733 2009-02-08T16:27:57+01:00 2009-02-08T16:27:57+01:00 And he keeps on going with <a href="http://www.ENDS-ping.org" rel="nofollow">www.ENDS-ping.org</a> as the next draft he's working on Sean Leach urn:uuid:67c64242-a42e-4355-ad9b-c846a96a272c 2009-01-28T03:32:38+01:00 2009-01-28T03:32:38+01:00 Congrats Bert!