[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed May 21 15:06:15 UTC 2008

On Wed, May 21, 2008 at 07:53:31AM -0700,
 David Conrad <drc at virtualized.org> wrote 
 a message of 33 lines which said:

> And how would this be done?  Hint: there is no centralized control
> and the root server operators.

But there is centralized control of things like the root-servers.net zone
or root.hints (the latter takes more time to propagate).

ICANN / USG / Verisign (pick one or two in the list) can (correct me
if I'm wrong) delete a root name server from root-servers.net and the
root zone.

AFAIK, there is no process to do so. Simon Waters said "Presumably
ICANN will drop them from the root zone" which is, at this time, pure
supposition. Among the difficulties: what level of brokenness should a
root name server exhibit before being deleted? Not replying at all
(not a big problem in practice)? Replying NXDOMAIN to every request
(*that* would be vicious)?
