Re: Fingerprinting DNS implementations.

["Mathias Samuelson" <mathias.samuelson@dimension.se>]

> Or, it could turn into a war of bug fixing, which would be constructive, 
> and would motivate people to move to less buggy versions of their name 
> server software.

Just my $0.02. It's, as you all know, surprisingly often the case that 
the network operators aren't even aware of what version of software they 
are running. I've heard some people argue that they shouldn't run 
anything else than whatever version of BIND Sun bundles with Solaris, no 
matter how many vulnerabilities there's in that software. Obscuring the 
fact that one is running such software doesn't seem to be a good 
security measure anyway.

So, for what it's worth, I agree with those who are pro what Dean and 
Jakob is doing.

All best
Mathias
--
   Mathias Samuelson
Phone: +46 (0)8 5058 3111
     Dimension AB

You can fetch my GnuPG key (CB6D9D85) with fingerprint
B98BB34ADAA91D4F2F47E6363EC2C8BDCB6D9D85
from (e.g.) blackhole.pca.dfn.de.


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>