[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Patrik Fältström patrik at frobbit.se
Thu May 22 12:54:01 UTC 2008

On 22 maj 2008, at 14.32, Edward Lewis wrote:

> At 14:10 +0800 5/22/08, Joao Damas wrote:
>> if DNSSEC was in use then the origin of the data wouldn't matter, and
>> that includes the root zone.
> During the incident, the data returned was coherent with the rest of
> the root servers, so the origin wasn't an issue.  (Harking back to
> why DNSSEC wasn't the solution to this incident.)

I claim, if we signed the root, then this incident would not had been  
such an "incident". And next time, what stops the one responding from  
responding with different data?

The fact these things can happen (and now happened) is for me one  
reason for DNSSEC and sign the root.


More information about the dns-operations mailing list