[dns-operations] is it worth trying to get people to stop declaring authority for '.' ?

Duane Wessels wessels at dns-oarc.net
Tue Dec 2 17:27:09 UTC 2008

On Tue, 2 Dec 2008, David Dagon wrote:

> I recall Duane had investigated similar misconfigurations (perhaps a
> NANOG talk), since the host would appear to claim authority for a TLD
> or the root.

Yes.  http://dns.measurement-factory.com/surveys/poisoners.html

>   dig @ns5.namerich.cn. any zksw.com.
> used to provide an authority line similar to this (circa 2006):
>   com. 86400 IN NS ns5.namerich.cn.

And still did when I last ran my survey (Sept 2007):

>> does anybody still care?
> Old Windows 2000 resolvers are perhaps affected.  I know win2k8/win2k3
> has Kashpureff protection "on by default", but curiously lets one
> disable it in a menu option.


I think the level of care is low.  But every now and then I will
hear from someone who bought a used domain name.  They are upset
because when they google for their name, the top result points to
the TMF database and associates them with "poison."


More information about the dns-operations mailing list