On Dec 14, 2014, at 12:28 PM, Matthew Ghali <mgh...@snark.net> wrote:
> How many different responses did we see to the recent recursion cve?

What I've seen so far:

Vulnerable:
- BIND 9, Unbound, PowerDNS Recursor

Not Vulnerable:
- Nominum, dnsmasq, djbdns, BIND 8

Haven't heard about Microsoft's recursor yet.

> How does code diversity fix protocol vulns?

Because different people implement the protocol differently (as evidenced by 
the above)?

Of course, one might argue that the fact that there were different behaviors 
might suggest a bug in the protocol specification, but that doesn't argue 
against code diversity.  Code diversity is to help mitigate implementation bugs.

Regards,
-drc


_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations