> "it's not like this hasn't been reported, and fixed, many times by many > others" - so if it's fixed so many times, how come it was still vulnerable, > and ISC had to issue their patches? Because its just a 16-bit field. DNS is broken. Cache poisoning will happen. Those are the facts on the ground. The only argument left is the degree of brokenness. > -Amit Tim Newsham http://www.thenewsh.com/~newsham/