[dns-operations] Just another "sitefinder" ISP
Mark_Andrews at isc.org
Thu May 22 23:09:11 UTC 2008
> On May 22, 2008, at 4:06 AM, Florian Weimer wrote:
> > Kabel Deutschland
> > makes it non-transparent, currently on the customer's entry point to
> > the
> > DNS network.
> > Using magic addresses for the root servers would only encourage such
> > tampering. So I agree that it's not a good idea.
> Again, the root server addresses are already well known and must be.
> Locking down those addresses so that we don't have to deal with
> traffic going to "old root server" addresses is completely orthogonal
> to the fact that some caching server operators have decided to muck
> with the data they serve.
What really suprises me is that there havn't been any reports
of "cease and desist" requests from companies who have
NXDOMAIN's coming from their authoritative servers re-written
into address being sent to these ISP's.
This is a documented threat and impacts on the reputation
of companies who's responses are being re-written. What
would be nice is for the request to be ignored and there
to be some case law established. I would think a company
that signs its zones would have a much stronger case as it
is clear that they have taken steps to ensure that the data
returned from their servers cannot be compromised without
it being detected.
> dns-operations mailing list
> dns-operations at lists.oarci.net
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations