[dns-operations] DNS trust dependencies for TLDs

Matthew Dempsky matthew at dempsky.org
Thu Jun 11 17:08:01 UTC 2009


On Thu, Jun 11, 2009 at 1:13 AM, Ondřej Surý<ondrej.sury at nic.cz> wrote:
> It's not only BGP. We have a silver star, but this doesn't say
> anything about trust, since three of six NS use network
> infrastructure and IP addresses which are not controlled by us. Hence
> those servers are vulnerable to MitM attack from router owners.

Agreed, but even for the three name servers you do fully control,
client queries pass through a lot of network infrastructure you don't
control.  Man-in-the-middle attacks are of course a concern too, but
you can at least limit your vulnerability to them by reducing the
number of third parties your zones depend on.

(The gold/silver stars are just something of an in-joke from work anyway.)


