[dns-operations] Bloke takes over every .io domain by snapping up crucial name servers

Andrew Boling aboling at gmail.com
Tue Jul 11 16:35:03 UTC 2017


On Tue, Jul 11, 2017 at 10:28 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
wrote:

>
> Or partially (the "attacker" did receive a lot of DNS traffic,
> depending on the resolver's behavior).


NS record refresh is not consistent across software implementations, so
yeah, the truth is somewhere in the middle. The only public research I've
seen on the topic is the following presentation, slide 8 onwards:

https://archive.icann.org/en/meetings/siliconvalley2011/bitcache/Conclusions%20from%20DNS%20Traces%20-%20Olafur%20Gudmunsson,%20Shinkuro-vid=23075&disposition=attachment&op=download.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170711/f9d186de/attachment.html>


More information about the dns-operations mailing list