[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Patrik Fältström
patrik at frobbit.se
Thu May 22 12:54:01 UTC 2008
On 22 maj 2008, at 14.32, Edward Lewis wrote:
> At 14:10 +0800 5/22/08, Joao Damas wrote:
>
>> if DNSSEC was in use then the origin of the data wouldn't matter, and
>> that includes the root zone.
>
> During the incident, the data returned was coherent with the rest of
> the root servers, so the origin wasn't an issue. (Harking back to
> why DNSSEC wasn't the solution to this incident.)
I claim, if we signed the root, then this incident would not had been
such an "incident". And next time, what stops the one responding from
responding with different data?
The fact these things can happen (and now happened) is for me one
reason for DNSSEC and sign the root.
Patrik
More information about the dns-operations
mailing list