[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Randy Bush
randy at psg.com
Tue May 20 15:54:47 UTC 2008
David Conrad wrote:
> Or, you permanently lock down a set of provider independent DNS root
> service /32s and /128s (reducing the risk of prefix hijack by someone
> announcing a more specific) in a DNSOP BCP, allowing folks to
> configure filters to ensure announcements for those /32s are blocked
> and are coming from the "correct" ASes. Figuring out how to
> (securely) change everyone's caching server configuration remotely
> would no longer be an issue.
http://www.cs.ucla.edu/~lixia/papers/03TPDS.pdf
randy
More information about the dns-operations
mailing list