[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
David Conrad
drc at virtualized.org
Wed May 21 18:26:40 UTC 2008
On May 21, 2008, at 5:14 AM, Shane Kerr wrote:
> Clients don't have any trusted way to update root name server
> addresses. If they did, then they could use that.
Exactly.
> Root name servers change IP addresses now and then. Why not do a
> really, really easy thing that will make this more secure in the
> future?
The really, really easy thing to do, from a software perspective, is
to NOT change the IP addresses used for the priming query. Perfect
(for some value of that variable) security.
Regards,
-drc
More information about the dns-operations
mailing list