[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Danny McPherson
danny at tcb.net
Fri May 23 14:12:39 UTC 2008
On May 22, 2008, at 7:54 AM, Edward Lewis wrote:
> At 14:25 +0100 5/22/08, Simon Waters wrote:
>
>> Was "believed to be coherent". I'm sure it was, but no one can
>> prove it since
>> any rogue root operator could serve different data to different
>> addresses.
>
> Given the absence of any claim, proof, or indication of incoherent
> answers, I'd stick with "was coherent." As you say later, clarity
> regarding the problem to be solved is important - so "expanding" the
> accusations to say only believed to be coherent is leading to less
> clarity.
>
> Unless someone actually has factual knowledge that there were
> incoherent responses. Anyone?
This seems backwards to me. Someone asserts reachability
for a root name server, fields queries to that root, and you're
saying the burden of proof should be on the community to
provide "proof" of incoherent answers? So, I could do the
same, and so long as my queries are _presumably coherent,
it's not a problem?
What if this were done in order to manipulate just a single
zone, say yourbank.com, or tla.gov, or ecommerce.com,
surely it'd be difficult to identify in such a case, and a full
enumerate near impossible.
-danny
More information about the dns-operations
mailing list