bert hubert finally blogs: I bit the bullet and wrote an RFC ('to be')

I bit the bullet and wrote an RFC ('to be')

bert.hubert@netherlabs.nl (bert hubert) — Tue, 09 May 2006 22:15:00 +0200

I’ve long been a somewhat active member of the relevant DNS mailing lists, ‘namedroppers’ and ‘dnsop’, both affiliated with the IETF DNS workgroups.

I consider myself a bit of an outcast in the DNS community as I don’t sing the praises of DNSSEC, nor BIND, but I suspect this is not entirely fair as there are quite a number of people who are far more outcast than I am. So I suspect I’m on the fringe of the DNS community in the sense that I incidentally take part in useful email discussion, either on list or privately with relevant parties.

I recently called upon nameserver authors and operators to either upgrade their nameserver so it performs adequate anti-spoofing measures, or switch to a nameserver implementation that does (like tinydns or of course PowerDNS).

This call fell on very deaf ears it appears. The BIND people promised to look into it but as noted then, without an apparant sense of urgency. Not a lot has happened since, except that I’ve reiterated my recommendation privately to a number of relevant people.

In the meantime, I’ve been told the Microsoft nameserver is about 4 times easier to spoof than BIND, but I’ve been unable to verify this.

So, I did what I never thought I’d do, I wrote something intended to be an RFC. In short, this RFC specifies that a recursor MUST implement adequate anti-spoofing measures, and details what this entails.

Read all about it as old school text or rendered as pretty HTML. The RFC-compliant output is made possibly by the interesting but quirky tool xml2rfc.

I’ll spend some more time polishing the document before submitting it as an Internet Draft. I also need to figure out the correct procedure to set things in motion.

I sincerely hope nameservers that are easy to spoof clean up their act quickly, hopefully even before my draft hits the standards track.

"I bit the bullet and wrote an RFC ('to be')" by bang bros

Sun, 03 Jun 2007 13:13:32 +0200

Very pleased to read this article!

"I bit the bullet and wrote an RFC ('to be')" by we livetogether

Sat, 02 Jun 2007 13:27:42 +0200

I can assume this is most poweful blog system!

"I bit the bullet and wrote an RFC ('to be')" by bang bus

Thu, 31 May 2007 21:38:40 +0200

Here is better than anywhere, i probably will stay!

"I bit the bullet and wrote an RFC ('to be')" by bang bus

Thu, 31 May 2007 11:43:15 +0200

Very nice article, thank you!

"I bit the bullet and wrote an RFC ('to be')" by tera patrick

Tue, 29 May 2007 23:33:59 +0200

I find this article useful for both beginners and skilled users, thank you!

"I bit the bullet and wrote an RFC ('to be')" by teen models

Tue, 29 May 2007 00:11:00 +0200

Definetely try re-installing apache or try to trace path to server!

"I bit the bullet and wrote an RFC ('to be')" by my first sex teacher

Mon, 28 May 2007 15:08:37 +0200

Can anyone advice normal hosting provider? i don't need free like blogger, i need paid!

"I bit the bullet and wrote an RFC ('to be')" by big naturals

Sat, 26 May 2007 16:38:37 +0200

Compilator for such programms like GenEngineCompile is impossible to install, why?

"I bit the bullet and wrote an RFC ('to be')" by fee

Tue, 17 Apr 2007 00:01:56 +0200

a lot of spam

"I bit the bullet and wrote an RFC ('to be')" by recipricol link

Wed, 13 Dec 2006 14:28:09 +0100

exchange links link partners backlink link service exchange program popular link exchange links exchange system exchange service web link exchange travel links exchange recipricol link

"I bit the bullet and wrote an RFC ('to be')" by ahu

Sat, 13 May 2006 00:07:22 +0200

They are free to do so. I happen to believe in the power of the GPL to foster cooperation and not just incorporation.

"I bit the bullet and wrote an RFC ('to be')" by Leen Besselink

Thu, 11 May 2006 13:34:42 +0200

Here is some food for thought: If you really think that your solution is more secure and you are serious about making the internet more secure, you should change the license of the recursor so people can include it in there own products. :-)