[dns-operations] Just another "sitefinder" ISP
Mark Andrews
Mark_Andrews at isc.org
Thu May 22 23:09:11 UTC 2008
> On May 22, 2008, at 4:06 AM, Florian Weimer wrote:
> > Kabel Deutschland
> > makes it non-transparent, currently on the customer's entry point to
> > the
> > DNS network.
> ...
> > Using magic addresses for the root servers would only encourage such
> > tampering. So I agree that it's not a good idea.
>
> Again, the root server addresses are already well known and must be.
> Locking down those addresses so that we don't have to deal with
> traffic going to "old root server" addresses is completely orthogonal
> to the fact that some caching server operators have decided to muck
> with the data they serve.
>
> Regards,
> -drc
What really suprises me is that there havn't been any reports
of "cease and desist" requests from companies who have
NXDOMAIN's coming from their authoritative servers re-written
into address being sent to these ISP's.
This is a documented threat and impacts on the reputation
of companies who's responses are being re-written. What
would be nice is for the request to be ignored and there
to be some case law established. I would think a company
that signs its zones would have a much stronger case as it
is clear that they have taken steps to ensure that the data
returned from their servers cannot be compromised without
it being detected.
Mark
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list