[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Ed.Lewis at neustar.biz
Fri May 23 15:33:27 UTC 2008
At 9:22 -0600 5/23/08, Danny McPherson wrote:
>Well, it's implicitly mentioned in the Renesys blog, for
>"Everything checked out for our limited tests. So at least the bogus name
>servers might have been providing the correct responses while they were in
>service, which may be why no one noticed a problem."
Unless I am missing something, that doesn't indicate or even hint
that there was incoherency.
>And I've mentioned it, and it's been mentioned here, and
>it was mentioned on the ICANN blog, and...
From the ICANN blog (http://blog.icann.org/?p=309):
"ICANN has also been monitoring the results returned by these IP
addresses through the entire time it was advertised, and believes it
was always providing accurate root responses throughout its
Again, no hint or allegation of incoherency.
So, I am still asking - did anyone report any incoherency during the
>If someone changed your resolve.conf file and put a new
>resolver in there that you've never seen that may or may
>not have been malicious, but no one noticed any type
>of "incoherency", then everything is fine? You might
>subscribe to such a thing, I don't. Then escalate this to
>a root level...
>Look, you're welcome to ignore this if you want, I don't
I don't see what you are driving towards, that is not at all related
to the L-root incident. (It's a case of a host security failure
allowing system files to be corrupted.)
>I was focused more along the lines of fundamental security for
>end users, not burning DNSSEC.
I'm not burning DNSSEC. I'm just pointing out that it is not the
tool for the L-root incident (as was suggested by an earlier post).
Edward Lewis +1-571-434-5468
Never confuse activity with progress. Activity pays more.
More information about the dns-operations