4 posts • joined 19 Jul 2007
Or use simple software
Sorry to blow my own horn here, but if you already run PowerDNS, and quite a number of large UK-based hosters do, consider upgrading to PowerDNS 3.0, which makes DNSSEC rather easy, see http://powerdnssec.org/ - it can be as simple as 'pdnssec secure-zone nominet.co.uk'.
Not the success story it appears to be
This is not as grand a success as it appears to be. The solution has been known since 1999, it is just that nobody bothered to implement it. See http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability
PowerDNS & Random
Just to add my two bits. Amit Klein informed us in a very proper manner of our deficient random generator, and was helpful in finding a good replacement. We implemented his suggestion of going to AES in CTR-mode, which appears to work very well.
I can understand why not everybody goes down this route though - we've already had problems with people being unable to distribute PowerDNS because it suddenly contains 'encryption'.
DNS is vulnerable enough as it is, even with good random. Bad random is inexcusable. For more details, see http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-03
A-GPS has to be seen to be believed - fix in 10 seconds
The A-GPS on the latest N95 firmware is absolutely miraculous, transforming the GPS from mediocre to by far the best I've ever seen.
It usually now only takes 10 or 15 seconds to get a fix, even in difficult circumstances.
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Review Vulture trails claw across Lenovo's touchy N20p Chromebook