[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Thu May 22 04:41:44 UTC 2008

On Wed, May 21, 2008 at 02:45:44PM -0700, David Conrad wrote:

> There is no assumption that the "golden" addresses would not be  
> I'm suggesting we fix the problem of renumbering root servers.  We can  
> either fix it by removing the problem (that is, not renumber) or we  
> can come up with a protocol and implement the protocol (and ignore the  
> fact that old root server address still get O(100) queries per second  
> after 10 years).
> Regards,
> -drc
	"golden" addresses are frowned on offically by the IAB.
	fixing the "problem", can be :

	- not renumbering ever again (ISC seems to like this approch,
		they can hard-code more prefixes into BIND)
	- come up w/ a new method/protocol


	- rethink how the DNS implementation varies from the protocol
	  and change implementation attributes.

	backwards compatability is a fine goal but at the expense of 
	progress, this might be problematic.


More information about the dns-operations mailing list