[dns-operations] Bloke takes over every .io domain by snapping up crucial name servers
Tony Finch
dot at dotat.at
Wed Jul 12 16:43:53 UTC 2017
Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>
> And I believe this was because of the suggestions in RFC 5452. Even
> at the time I remember some thinking that this could result in a
> different attack path, but I haven't gone back to look at my archives.
There's no mention of delegation or glue in RFC 5452.
I think the actual inspiration was section 4 of Vixie's resolver
improvements draft: "Upgrading NS RRset Credibility Upon Delegaton Events"
https://tools.ietf.org/html/draft-vixie-dnsext-resimprove#section-4
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Wight: East or northeast 4 or 5. Slight, occasionally moderate at first. Fair.
Good.
More information about the dns-operations
mailing list