Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing DNS From The Roots Up

Posted by ryuzaki0 on from the if-it'll-stop-reports-of-hacked-dns-records dept.

jeffy124 writes: "This article at ComputerWorld tells the story of how ICANN would like to replace the root DNS systems with secured servers. Lars-Johan Liman, one of the root operators, spoke about the concept at ICANN's annual meeting today. He discussed how the world's current redundant DNS system is vulnerable to DDOS attacks and yet-to-be-discovered root holes in bind that can ultimately undermine the entire Internet by taking away the name-IP mappings that are relied upon by just about everyone."

1 of 354 comments (clear)

  1. Re:Moving the system to Linux will help by InsaneGeek · · Score: 1, Flamebait

    Oh dear god, shut up you FUD stuffing troll!

    (here's a little rant, I'll feed the troll)

    http://www.securityfocus.org/vulns/stats.shtml

    Ever heard of Trusted Irix/Solaris they will run circles around Linux in it's privilege model. Linux is a toy made out of swiss cheese compared to them in that respect.

    Where are the ACL's for Linux?
    Where is the standardized MAC?
    Capabilities?

    Look at the number of root level security bugs in the Linux *KERNEL* as of late, that alone scared me off using Linux with anything secure (your little OpenBSD dig was a big troll tip off). The way Linux distrobutions have traditionally worked, is to fix things quickly. Fine, that's great no problem, only problem is that they aren't doing anything to ever prevent them from getting in, in the first place. It's a never ending cycle, since they change code constantly (release early/often) and don't do crap worth of auditing. Linux would someday be as secure as OpenBSD if they ever took the time to look through their code as they are furiously typing it out; but instead they are constantly adding new security bugs in, and their only saving grace is that they fix their bugs quickly... How about trying to prevent the security problems from getting there to begin with??? The security focus link above shows this much more elloquently than I ever could, look at how close Linux distros are to Windows (Redhat has had *MORE* than any Windows distro this year alone, that tells a very large tale).

    According to the Honeyproject a basic Linux install on the internet has 1 day before it is rooted (shortest time was 15 minutes before it was rooted).

    The OS is the probably least important issue in security, the biggest factor is if you have an admin who knows his shit. The reason that Linux boxes are rooted so much more often than other unix systems (for some reason you allude that OpenBSD gets rooted more often than Linux, which is completely insane), is that they have a large amount of admins who don't know crap on setting a box up properly. They slap the CD's in and let it sit, no hardening, no nothing which is a problem on any OS.