[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Danny McPherson danny at tcb.net
Fri May 23 14:12:39 UTC 2008

On May 22, 2008, at 7:54 AM, Edward Lewis wrote:

> At 14:25 +0100 5/22/08, Simon Waters wrote:
>> Was "believed to be coherent". I'm sure it was, but no one can prove it
>> since any rogue root operator could serve different data to different
>> addresses.
> Given the absence of any claim, proof, or indication of incoherent
> answers, I'd stick with "was coherent."  As you say later, clarity
> regarding the problem to be solved is important - so "expanding" the
> accusations to say only believed to be coherent is leading to less
> clarity.
> Unless someone actually has factual knowledge that there were
> incoherent responses.  Anyone?

This seems backwards to me.  Someone asserts reachability
for a root name server, fields queries to that root, and you're
saying the burden of proof should be on the community to
provide "proof" of incoherent answers?  So, I could do the
same, and so long as my queries are _presumably_ coherent,
it's not a problem?

What if this were done in order to manipulate just a single
zone, say yourbank.com, or tla.gov, or ecommerce.com,
surely it'd be difficult to identify in such a case, and a full
enumeration near impossible.

