Single character patch for DNS security hole: BPO Watch India

Single character patch for DNS security hole?

By BPO Watch News Desk
September 01, 2008

Is what Kaminsky portrayed as a mammoth security hole in DNS (Domain Name System) just a hurdle that could be cleared with a 'single' character patch?

On Wednesday, a domain-name system expert came out with a claim that the security hole unearthed by Kaminsky could be rectified, to a great extent, by a single-character patch. Kaminsky soon came out with a reply that the suggested solution did not address the problem comprehensively.

According to computer scientist Gabriel Somlo, who came up with the suggestion, a single-character change to the popular BIND name server software could severely limit cache poisoning attacks. By changing a '<' to '<=' in a trust check in the Berkeley Internet Name Domain (BIND) server software, the patch would prevent a previously unknown server from poisoning the cache unless the time to live (TTL) -- a limit on the age of a name server entry -- had expired. Somlo's suggestion would make exploitation of name server caches more difficult, reports 'SecurityFocus'.
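To make the trust-check change concrete, here is an added simulation of a resolver cache (example code written for this page, not BIND's own source). The trust levels, record names and addresses are constructed assumptions; the only thing modelled from the article is the comparison operator in the overwrite check and the role of the TTL. The `patched` flag switches between the original '<' rule and Somlo's '<=' rule, and the `ttl` parameter lets you see the caveat raised below: an entry whose TTL has already run out gets no protection from the stricter check.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed trust ranking, loosely modelled on the idea that data from
# the answer section of a direct query is more credible than data picked
# up from the additional section of some unrelated response. Higher is
# more trusted. These values are assumptions for the example, not BIND's.
TRUST_ADDITIONAL = 1
TRUST_AUTHORITY = 2
TRUST_ANSWER = 3
TRUST_AUTHORITATIVE = 4


@dataclass
class CacheEntry:
    name: str
    rdata: str
    trust: int
    expires_at: float  # absolute time in the simulation's clock


class ResolverCache:
    """Toy cache that decides whether an offered record may replace a cached one."""

    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.entries: Dict[str, CacheEntry] = {}

    def lookup(self, name: str, now: float) -> Optional[CacheEntry]:
        entry = self.entries.get(name)
        if entry is None or entry.expires_at <= now:
            return None  # absent or TTL expired
        return entry

    def offer(self, name: str, rdata: str, trust: int, ttl: int, now: float) -> bool:
        """Store the offered record if the trust check allows it; return True if stored."""
        existing = self.lookup(name, now)
        if existing is not None:
            if self.patched:
                # '<=' rule: only strictly more trustworthy data may replace a live entry,
                # so a record of equal trust from an unknown source is rejected until expiry.
                if trust <= existing.trust:
                    return False
            else:
                # '<' rule: data of equal trust may replace a live entry.
                if trust < existing.trust:
                    return False
        self.entries[name] = CacheEntry(name, rdata, trust, now + ttl)
        return True


def scenario(patched: bool, ttl: int) -> Tuple[bool, bool]:
    """Cache a legitimate record, then offer a conflicting record of equal trust
    before and after the TTL has expired. Returns (stored_before, stored_after)."""
    cache = ResolverCache(patched)
    now = 0.0
    # Constructed legitimate record for a documentation-range address.
    cache.offer("www.example.test.", "192.0.2.10", TRUST_ANSWER, ttl, now)
    # Conflicting record of equal trust, offered while the entry should still be live.
    stored_before = cache.offer("www.example.test.", "198.51.100.99", TRUST_ANSWER, ttl, now + 1)
    # The same offer again after the original TTL has run out.
    stored_after = cache.offer("www.example.test.", "198.51.100.99", TRUST_ANSWER, ttl, now + ttl + 1)
    return stored_before, stored_after


if __name__ == "__main__":
    for patched in (False, True):
        for ttl in (3600, 0):
            before, after = scenario(patched, ttl)
            rule = "<=" if patched else "<"
            print(f"rule {rule!r:4} ttl={ttl:5}: overwritten before expiry={before}, after expiry={after}")
```

With a one-hour TTL the '<=' rule rejects the conflicting equal-trust record until the entry expires, while the '<' rule accepts it immediately. With a TTL of zero both rules accept it at once, which is the situation Kaminsky describes for hosts that publish no or very low TTLs.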

In a note sent to doxpara.com, Kaminsky appeals not to destroy DNS in order to save it. "There are just so many ways around TTL, which itself was never designed to be a security technology in the first place. Gabriel's trick addresses one particular scenario," he says.

In another email interview with SecurityFocus, Kaminsky said, "Some major hosts have no TTLs or very low TTLs and, for those servers, you gain very little. Other hosts have very high TTLs. If we can't override them -- can't override high TTLs -- those sites go down for a very long time. You don't get to fix DNS by breaking it. People will just not deploy your patch."
