[dns-operations] DNS trust dependencies for TLDs

Ondřej Surý ondrej.sury at nic.cz
Thu Jun 11 08:13:49 UTC 2009


On Thu, Jun 11, 2009 at 8:51 AM, Stephane Bortzmeyer<bortzmeyer at nic.fr> wrote:
> On Thu, Jun 11, 2009 at 12:22:13AM -0500,
>  John Kristoff <jtk at cymru.com> wrote
>  a message of 53 lines which said:
>
>> There are other dependencies, such as the routing infrastructure.
>
> Probably the biggest one. And, here, even DNSSEC cannot help. I seize
> the opportunity to promote the use of the excellent BGP monitor BGPmon
> <http://www.bgpmon.net/>. With it, you are still 0wNEd but at least
> you know it :-)

It's not only BGP. We have a silver star, but this doesn't say
anything about trust, since three of six NS uses network
infrastructure and IP addresses which are not controlled by us. Hence
those servers are vulnerable to MitM attack from routers owners.

But yes, situation with BGP is worst.

Ondrej
-- 
 Ondrej Sury
 technicky reditel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o.  --  .cz domain registry
 Americka 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury at nic.cz  http://nic.cz/
 sip:ondrej.sury at nic.cz tel:+420.222745110
 mob:+420.739013699     fax:+420.222745112
 -----------------------------------------



More information about the dns-operations mailing list