[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

David Conrad drc at virtualized.org
Wed May 21 18:26:40 UTC 2008


On May 21, 2008, at 5:14 AM, Shane Kerr wrote:
> Clients don't have any trusted way to update root name server
> addresses. If they did, then they could use that.

Exactly.

> Root name servers change IP addresses now and then. Why not do a
> really, really easy thing that will make this more secure in the  
> future?

The really, really easy thing to do, from a software perspective, is  
to NOT change the IP addresses used for the priming query.  Perfect  
(for some value of that variable) security.

Regards,
-drc