[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Paul Vixie paul at vix.com
Thu May 22 18:03:13 UTC 2008

> But it depends whether you think the "incident" is people asking a server
> that they shouldn't because it is removed (due to poor maintenance of their
> root hints - I suspect I'm guilty here since my preferred OS release cycle
> is slower than the 6 month announcements - or broken DNS resolvers), or that
> they accepted and believed the answers they received uncritically.

root hints are only to be used when there is no cached RRset for ". IN NS".
anyone who sends more than one query per week to old-L has a software bug,
not just an out-of-date hints file.

this is why ISC SIE collects old-root query data and shares it with academics
in real time.  we need to learn who these resolvers are and what bugs they
have, so we can contact their authors and operators, and get them fixed.

More information about the dns-operations mailing list