[dns-operations] Bloke takes over every .io domain by snapping up crucial name servers

Tony Finch dot at dotat.at
Wed Jul 12 16:43:53 UTC 2017

Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> And I believe this was because of the suggestions in RFC 5452.  Even
> at the time I remember some thinking that this could result in a
> different attack path, but I haven't gone back to look at my archives.

There's no mention of delegation or glue in RFC 5452.

I think the actual inspiration was section 4 of Vixie's resolver
improvements draft: "Upgrading NS RRset Credibility Upon Delegaton Events"

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Wight: East or northeast 4 or 5. Slight, occasionally moderate at first. Fair.

More information about the dns-operations mailing list