[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Randy Bush randy at psg.com
Tue May 20 15:54:47 UTC 2008

David Conrad wrote:
> Or, you permanently lock down a set of provider independent DNS root  
> service /32s and /128s (reducing the risk of prefix hijack by someone  
> announcing a more specific) in a DNSOP BCP, allowing folks to  
> configure filters to ensure announcements for those /32s are blocked  
> and are coming from the "correct" ASes.  Figuring out how to  
> (securely) change everyone's caching server configuration remotely  
> would no longer be an issue.



More information about the dns-operations mailing list