[dns-operations] DNS trust dependencies for TLDs
Ondřej Surý
ondrej.sury at nic.cz
Thu Jun 11 08:13:49 UTC 2009
On Thu, Jun 11, 2009 at 8:51 AM, Stephane Bortzmeyer<bortzmeyer at nic.fr> wrote:
> On Thu, Jun 11, 2009 at 12:22:13AM -0500,
> John Kristoff <jtk at cymru.com> wrote
> a message of 53 lines which said:
>
>> There are other dependencies, such as the routing infrastructure.
>
> Probably the biggest one. And, here, even DNSSEC cannot help. I seize
> the opportunity to promote the use of the excellent BGP monitor BGPmon
> <http://www.bgpmon.net/>. With it, you are still 0wNEd but at least
> you know it :-)
It's not only BGP. We have a silver star, but this doesn't say
anything about trust, since three of six NS uses network
infrastructure and IP addresses which are not controlled by us. Hence
those servers are vulnerable to MitM attack from routers owners.
But yes, situation with BGP is worst.
Ondrej
--
Ondrej Sury
technicky reditel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23,120 00 Praha 2,Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
sip:ondrej.sury at nic.cz tel:+420.222745110
mob:+420.739013699 fax:+420.222745112
-----------------------------------------
More information about the dns-operations
mailing list