[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker

David Conrad drc at virtualized.org
Mon Aug 11 14:12:42 UTC 2008


On Aug 11, 2008, at 2:11 AM, Florian Weimer wrote:
>> False positive - perhaps if your only threat model for DNS is Dan
>> Kaminsky powered script kiddie might make them look daft.
> Maybe.  But if it's a real problem, why doesn't ICANN make sure that
> at least the gTLDs under its influence are protected before going
> public?

The recursive.iana.org site is provided by IANA.  In this context,  
IANA does not make a significant distinction between gTLDs and other  

As for ICANN forcing the gTLDs to do something, I suspect that would  
require public consultations, process development processes, lawyers  
and contractual modifications and stuff.  I'm guessing this would take  
a bit longer than the amount of time since the vulnerability was found  
until it was disclosed.

> On the other hand, if it's not that important, it's rather
> questionable to associate it with the other DNS issues we're dealing
> with right now.

So, you'd prefer IANA not do anything? A valid point of view, I
suppose; however, I'd note that a good number of TLDs fixed their
servers since IANA took the advisory steps it did.


