http://blog.netherlabs.nl/articles/2009/01/27/powerdns-2-9-22-released-rfc-5452-assigned en-us 40 code, musings and more <p>Hi everybody!</p> <p>What a day! Remco van Mook and I received a message today that our <a href="http://blog.netherlabs.nl/articles/2006/05/09/i-bit-the-bullet-and-wrote-an-rfc-to-be">RFC Draft</a> (full text <a href="http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-10">here</a>) has entered the &#8216;AUTH48&#8217; stage. This means that it has been assigned a number (RFC 5452!), and that barring meteor strikes or similar things, we are now finally done. Yay!</p> <p>We spent 2 years and 9 months on this. It felt like even more. I&#8217;ve been told the draft has already made a difference in some places - from now on, DNS implementations that have certain bad spoofing behaviour <code>MUST</code> clean up their act :-)</p> <p>In short, had this RFC been followed, the whole Kaminsky DNS scare could have been prevented. Do note that the draft is 2 years older than Kaminksy&#8217;s discovery. The DNS community should have listened to Dan Bernstein *10* years ago.</p> <p>Some more thoughts on this subject can be found <a href="http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability">here</a>. I&#8217;m slightly bitter.</p> <p>As if the RFC weren&#8217;t enough excitement for one day, I also released PowerDNS Authoritative Server 2.9.22, the first release of the authoritative server in almost 20 months. Because of this long delay, a lot of effort was spent field testing this release before it &#8216;went gold&#8217; (to use an expression I really despise).</p> <p>I sincerely hope we shook out most of the bugs. The PowerDNS community really delivered, and many of our enthusiastic users deployed pre-release code on their significant installations, to make sure everybody else would be able to upgrade with confidence.</p> <p>Read the whole store <a href="http://doc.powerdns.com/changelog.html#CHANGELOG-AUTH-2-9-22">here</a>.</p> Tue, 27 Jan 2009 22:56:00 +0100 urn:uuid:212b8f56-4bb7-4d8a-b0f9-dc488076e04e bert.hubert@netherlabs.nl (bert hubert) http://blog.netherlabs.nl/articles/2009/01/27/powerdns-2-9-22-released-rfc-5452-assigned PowerDNS sorry, that was a typo, it's: <a href="http://www.EDNS-ping.org" rel="nofollow">www.EDNS-ping.org</a> Sun, 08 Feb 2009 16:32:12 +0100 urn:uuid:1c0390e8-a538-42ee-89bf-9359ceb0d9c8 http://blog.netherlabs.nl/articles/2009/01/27/powerdns-2-9-22-released-rfc-5452-assigned#comment-142602 And he keeps on going with <a href="http://www.ENDS-ping.org" rel="nofollow">www.ENDS-ping.org</a> as the next draft he's working on Sun, 08 Feb 2009 16:27:57 +0100 urn:uuid:f1396313-9735-4ac3-ba24-6876a114c733 http://blog.netherlabs.nl/articles/2009/01/27/powerdns-2-9-22-released-rfc-5452-assigned#comment-142601 Congrats Bert! Wed, 28 Jan 2009 03:32:38 +0100 urn:uuid:67c64242-a42e-4355-ad9b-c846a96a272c http://blog.netherlabs.nl/articles/2009/01/27/powerdns-2-9-22-released-rfc-5452-assigned#comment-142600