[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Daniel Karrenberg daniel.karrenberg at ripe.net
Fri May 23 08:57:42 UTC 2008


On 22.05 07:31, David Conrad wrote:
> Kurtis,
> 
> On May 21, 2008, at 11:20 PM, Kurt Erik Lindqvist wrote:
> > Given how rare a renumbering event is, I doubt we have a problem to  
> > solve in the first place.
> 
> We have just had an experience proof that it is a problem.  I'm not  
> sure how anyone benefits from pretending that problem doesn't exist.

Again: What is the real extent of this problem? 

The protocol supports renumbering through the priming query already.

The problem manifests itself only for those users who do not follow
long established best practises and do not do so for a long time.
And even those loosers would only really loose if someone was to
publish a different root zone on one of the old addresses. 
Do we really need to provide soloutions for this class of users and
for that -so far- hypothetical case?  Wouldn't there be other, easier
more efficient courses of action if someone decided to lie on one of 
these old addresses?

Daniel



More information about the dns-operations mailing list