[dns-operations] DNS trust dependencies for ICANN TLDs

Matthew Dempsky matthew at dempsky.org
Thu Jun 11 06:46:23 UTC 2009

On Wed, Jun 10, 2009 at 11:20 PM, bert hubert<bert.hubert at netherlabs.nl> wrote:
> One of the things that would help in the discussion would be if we
> could craft a realistic scenario how an attacker would be able to
> subvert the DNS based on an out-lying dependency.

I actually provided such an example at


The example is written with dnscache as a concrete example (and so
something that I was able to experimentally verify worked), but I'm
happy to extend it to cover other DNS software as well, or to point
out caches that are immune to this.

More information about the dns-operations mailing list