[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Kurt Erik Lindqvist kurtis at kurtis.pp.se
Wed May 21 17:33:11 UTC 2008


On 21 May 2008, at 16.30, David Conrad wrote:

> On May 20, 2008, at 11:46 PM, Kurt Erik Lindqvist wrote:
>> I have my doubts about fixing things in code.
>
> You must hate
>
> sin.sin_port = htons( IPPROTO_DNS );
>
> then.

Well, yes and no. "normally" that is AFAIK looked up in /etc/services.  
Which is not a constant in the code, but rather more like hints files.  
Short of a bootstrapping query for ports.iana.org at startup :-)

>
>> Especially for boot-strapping. It just becomes even harder to  
>> change the model if we ever have to...
>
> If you change the model, you have to muck with code.

My point is that we risk running into all kinds of weird behavior in  
the future. Take adding AAAA glue. Not all operators are ready for  
deploying it at production quality right now. Imagine we come up with  
something in the future, we then again need to wait for updates of  
software to propagate. Take the addition of new RRs for example. TXT  
seems popular...

- kurtis -


