This is a discussion on The worst thing about the exploit -- Have you done your part? - DNS ; BIND-USERS, One issue about this exploit that I think a lot of people may be overlooking is the fact that it does not directly impact the OWNER of the DNS records in question, but the CONSUMERS of that data. As ...
One issue about this exploit that I think a lot of people may be
overlooking is the fact that it does not directly impact the OWNER of
the DNS records in question, but the CONSUMERS of that data.
As the owner of "my-cheap-rail-tickets-online.com", you can patch
everything you own, insure that your firewalls are perfect, and hire
five extra DNS admins, but it's not going to help you keep your clients
healthy and happy.
Your clients are the mom-n-pop users -- the folks at the end of the
ISP's feeding chain. The people that don't the difference between the
US state code for Tennessee and the country code for Tunisia. The folks
using "Billy Bob's Bait-and-Tackle (and Internet Stuff)" as a provider.
Your business depends on Billy Bob getting his recursive servers fixed
so that your customers can still get to your website (or the websites of
your co-located customers, etc.)
Does that scare anyone? It scares me.. a lot.
How do we get out and inform Billy Bob that something that has been
working just fine for years is suddenly not quite so perfect and that
his customers might be affected.
Additionally, Billy Bob's customers are going to be affected in ways
that don't directly affect his operations, so it's hard to get him to
understand why he needs to do anything. His customers will still be
sending him the check every month even if their login information for
"my-cheap-rail-tickets" was siphoned off to someone in a foreign land.
By being on this list, you have proven that you actually are interested
in the DNS infrastructure. If you look around, you won't see Billy Bob
here, and yet, he affects YOUR customers, and by that, your profit
margin (or reputation).
What can we as the bind-users community do about Billy Bob?
Have you contacted your local ISPs (or tested their servers since they
well may be open recursors?) Have you pounded the pavement and talked
to folks at your local users groups and tech gatherings about the problem?
I'm willing for anyone to use my slides (http://alan.clegg.com/800113)
as the basis for spreading the word. Make presentations. Tell your
friends. Tell your colleagues. TELL YOUR COMPETITION.
I'm planning to have a video of me giving the presentation on-line soon
so that the nuances of the presentation are more clear, but if you have
any questions regarding it before then, please send me mail (off-list).
The storm is coming.. have you done your part?