[dns-operations] DNS trust dependencies for ICANN TLDs
Matthew Dempsky
matthew at dempsky.org
Thu Jun 11 06:46:23 UTC 2009
On Wed, Jun 10, 2009 at 11:20 PM, bert hubert<bert.hubert at netherlabs.nl> wrote:
> One of the things that would help in the discussion would be if we
> could craft a realistic scenario how an attacker would be able to
> subvert the DNS based on an out-lying dependency.
I actually provided such an example at
http://shinobi.dempsky.org/~matthew/dnstrust/example.html
The example is written with dnscache as a concrete example (and so
something that I was able to experimentally verify worked), but I'm
happy to extend it to cover other DNS software as well, or to point
out caches that are immune to this.
More information about the dns-operations
mailing list