[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Ed.Lewis at neustar.biz
Fri May 23 14:37:53 UTC 2008
At 8:12 -0600 5/23/08, Danny McPherson wrote:
>This seems backwards to me. Someone asserts reachability
>for a root name server, fields queries to that root, and you're
>saying the burden of proof should be on the community to
>provide "proof" of incoherent answers? So, I could do the
>same, and so long as my queries are _presumably coherent,
>it's not a problem?

No, that's not the point...the point is that as far as this most
recent incident was concerned, incoherency was not mentioned until
the subject post. As the post started out saying we needed a clear
description of the problem to solve, I questioned the suggestion that
there were incoherent responses.

From all accounts, the responses from the ersatz L root server were
the same as from the other servers. While it is possible that
incoherency could happen in this situation, there is no evidence that

Going back to the "what is the problem" - the problem here is that
the registered holder of the IP space took advantage of the vacancy
of the root server. This is a situation that only 13 entities could
possibly have, but, as Daniel posted regarding the RIPE NCC's server,
not all 13 will.

It is possible that this is a unique event. How many other root
servers are sitting on addresses not registered to the server
operator? (I don't know without looking it up.) In this (possibly)
unique event, the added spice is that the root server address is
registered to the operator of a different root server. And that is
probably why incoherency didn't happen.

But getting back to the question at hand - I do think there is a
burden of proof upon the accusers, in general. I guess what's the
missing link is that I'm not saying that in this incident there was
no "guilt" - it's just that there was no evidence of incoherency and
we shouldn't add to the legend post mortem. We had something go
wrong here, incoherency wasn't part of it.

Edward Lewis +1-571-434-5468
Never confuse activity with progress. Activity pays more.