[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Kurt Erik Lindqvist
kurtis at kurtis.pp.se
Wed May 21 17:33:11 UTC 2008
On 21 May 2008, at 16.30, David Conrad wrote:
> On May 20, 2008, at 11:46 PM, Kurt Erik Lindqvist wrote:
>> I have my doubts about fixing things in code.
> You must hate
> sin.sin_port = htons( IPPROTO_DNS );
Well, yes and no. "normally" that is AFAIK looked up in /etc/services.
Which is not a constant in the code, but rather more like hints files.
Short of a bootstrapping query for ports.iana.org at startup :-)
>> Especially for boot-strapping. It just becomes even harder to
>> change the model if we ever have to...
> If you change the model, you have to muck with code.
My point is that we risk running into all kinds of weird behavior in
the future. Take adding AAAA glue. Not all operators are ready for
deploying it at production quality right now. Imagine we come up with
something in the future, we then again need to wait for updates of
software to propagate. Take the addition of new RRs for example. TXT
- kurtis -