[dns-operations] UDP checksum

Daisuke HIGASHI daisuke.higashi at gmail.com
Sat Mar 19 16:37:20 UTC 2016


  Weeks ago several people (in Japanese local community)
pointed out that some name servers operated by Verisign
are generating IPv4 packets without UDP checksum.

Servers which is not generating checksum are (not limited to):

- A-Root (a.root-servers.net)
198.41.0.4

- gtld-servers.net NS (av[1-4].nstld.com)
192.42.177.30
192.42.178.30
192.82.133.30
192.82.134.30

  No-checksumming violates RFC 7720 and will introduce several
security concern such as bit-squatting attack.

  I noticed this issue to Verisign two months ago and urged them
to restore UDP checksumming but they are still generating packets
without checksum.



More information about the dns-operations mailing list