To: rarestia
If MS DNS is implemented properly, it’s as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall. But the point here is that BIND isn't secure either. Ironsides, on the other hand, is provably free of exceptions (the paper here) and both single-packet denial of service and remote code executions (this paper). That's a huge distinction.
9 posted on
07/02/2013 8:18:39 AM PDT by
OneWingedShark
(Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
To: OneWingedShark
I’m absolutely not taking away from that point, sir. I just wanted to jump to the defense of MSDNS since the paper seemed to jump on it as flawed. Every system is flawed with the right backdoors or vulnerabilities to exploit.
We’re already discussing IRONSIDES here internally.
10 posted on
07/02/2013 8:29:33 AM PDT by
rarestia
(It's time to water the Tree of Liberty.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson