Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing DNS From The Roots Up

Posted by ryuzaki0 on from the if-it'll-stop-reports-of-hacked-dns-records dept.

jeffy124 writes: "This article at ComputerWorld tells the story of how ICANN would like to replace the root DNS systems with secured servers. Lars-Johan Liman, one of the root operators, spoke about the concept at ICANN's annual meeting today. He discussed how the world's current redundant DNS system is vulnerable to DDOS attacks and yet-to-be-discovered root holes in bind that can ultimately undermine the entire Internet by taking away the name-IP mappings that are relied upon by just about everyone."

3 of 354 comments (clear)

  1. Why still running on BIND? by kc8apf · · Score: 5, Interesting

    I have yet to find the great reason of why everyone uses BIND. I've been working on my own DNS server just for kicks. The protocol itself is trivial. It can be handled so easily, but yet, if you look at BIND's source code, you can't tell what is going on at all. So, why does everyone continue to use it? Or better question, why hasn't someone written a better alternative?

    --
    kc8apf
    1. Re:Why still running on BIND? by fanatic · · Score: 5, Interesting

      Already available is djbdns, written by D. J. Bernstein with security as a design goal. In fact, he offers rewards to anyone who can find a vulnerability.

      --
      "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  2. djbdns and opennic by SuperDuG · · Score: 5, Interesting
    djbdns states "I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns." ... and no one has claimed the $500 yet.

    Also OpenNIC is an ICANN indepent root system ... why not just use them instead of ICANN?

    --
    Ignore the "p2p is theft" trolls, they're just uninformed