{"id":866,"date":"2008-08-29T00:00:00","date_gmt":"2008-08-29T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/08\/29\/one-character-patch-for-dns-not-so-fast\/"},"modified":"2021-12-30T11:38:17","modified_gmt":"2021-12-30T11:38:17","slug":"one-character-patch-for-dns-not-so-fast","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/08\/29\/one-character-patch-for-dns-not-so-fast\/","title":{"rendered":"“One-Character Patch” for DNS? Not so fast"},"content":{"rendered":"

A domain-name system (DNS) researcher proposed on Wednesday that the addition of a single character to the popular BIND name server software could severely limit cache poisoning attacks, such as those described by researcher Dan Kaminsky. The suggestion, made by computer scientist Gabriel Somlo, would make exploitation of name server caches more difficult. However, the “one-character patch” also has some serious side effects, Dan Kaminsky, director of penetration testing for IOActive, said in an e-mail interview with SecurityFocus.<\/p>\n","protected":false},"excerpt":{"rendered":"

Some major hosts have no TTLs or very low TTLs and, for those servers, you gain very little, he said.<\/p>\n

“If we can’t override them — can’t override high TTLs — those sites go down for a very long time,” Kaminsky said.<\/p>\n

“I never claimed my one-character patch would fix all bugs in bind (sic) — I don’t have that kind of power,” Somlo joked on the mailing list.<\/p>\n

http:\/\/www.securityfocus.com\/brief\/808<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-866","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=866"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/866\/revisions"}],"predecessor-version":[{"id":3353,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/866\/revisions\/3353"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}