D. J. Bernstein
Internet publication
DNScache
The DNScache security guarantee
I offer $500 to the first person
to publicly report a verifiable security hole in the latest version of DNScache.
Examples of security holes:
- Buffer overflows allowing attackers to take over DNS caches,
such as the NXT bug in BIND before 8.2.2-P4 (1999).
- Buffer overflows allowing attackers to take over DNS servers,
such as the IQUERY bug in BIND before 8.1.2-T3B (1998).
- Buffer overflows allowing attackers to take over DNS clients.
- Buffer overflows allowing attackers to take over DNS utilities.
Bugs outside of DNScache, such as OS bugs or browser bugs, do not qualify.
The vulnerability of DNS to forgery does not qualify.
Denial-of-service attacks do not qualify.
(An attacker can easily take down the Domain Name System,
or selected parts of it; this is not news.)
My judgment is final as to what constitutes a security hole in DNScache.
Any disputes will be reported here.