Thanks. Steve On Sep 16, 2008, at 2:55 PM, Ray.Bellis@nominet.org.uk wrote:
The report is excellent. Thank you very much for sharing it with us.
You're welcome :)
I have two questions.
1) Vendor actions
What are the vendor status and/or responses? Were they contacted? did they respond? Are they planning updates?
We did contact vendor technical support, in particular to determine whether any work-arounds exist on those routers that don't appear to allow the DNS settings in the DHCP server to be changed.
However attempts to reach product management types to talk about implementation issues were generally fruitless. I did manage to report my findings to Zyxel UK through an existing contact, though.
I'm hoping that some of the vendors will get in touch with me, now that the report is published.
2) base OS?
Is there a similarity in these firmwares? eg are they using the same DNS software inside? Perhaps the vendors are not the people we should be talking to? For instance, many Linux based routers use the "dnsmasq" software. Depending on its status, it might be worth contacting the upstream software provider of the commercial router vendors.
We didn't see any direct evidence of shared code between vendors. We did see some quirks that might suggest commonality (e.g. NAT tranlation failures) but didn't look for anything to prove a link.
kind regards,
Ray
-- Ray Bellis, MA(Oxon) Senior Researcher in Advanced Projects, Nominet e: ray@nominet.org.uk, t: +44 1865 332211
############################################################# This message is sent to you because you are subscribed to the mailing list <dnssec-deployment@shinkuro.com>. To unsubscribe, E-mail to: <dnssec-deployment-off@shinkuro.com> A public archive is available here: <http://mail.shinkuro.com:8100/ Lists/dnssec-deployment/> and older material is at <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>