Thoughts from a DNS server implementor

Posted Jun 5, 2002 9:49 UTC (Wed) by sam (guest, #1329)
Parent article: CERT advisory: DOS vulnerability in BIND 9

As a DNS server implementor, the fact that BIND's security problems are this (relatively) minor is a vast improvement over how things used to be. Since my own DNS server has had similiar problems, where a malformed packet could cause the server to be unresponsive, I can vouch that making a DNS server which has no such problems is very difficult. I have a lot of respect for Dan Bernstein for apparently being able to do this.