nanog mailing list archives
Re: AW: Odd policy question.
From: "David W. Hankins" <David_Hankins () isc org>
Date: Tue, 17 Jan 2006 09:29:29 -0800
On Sat, Jan 14, 2006 at 05:31:12PM -0500, Jeffrey I. Schiller wrote:
If registrars regularly checked for lame delegations (or checked on demand). Then a way to attack a domain would be to forge DNS responses to cause the registrar to remove the domain because it is lame. So DNSSEC would be needed to be sure...
Something more than merely DNS-SEC. DNS-SEC is about proving zone contents ("object security"). To prove lame delegation you'd need a means to identify the nameserver ("channel security") that's supplying the response. The difference between "this zone contains (or doesn't) an RR" versus "this DNS packet is from the server named George." You could prove inconsistent delegation - that the parent and child differ. But this is not necessarily lame. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
Attachment:
_bin
Description:
Current thread:
- Re: AW: Odd policy question., (continued)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 13)
- Re: AW: Odd policy question. Sean Donelan (Jan 13)
- Re: AW: Odd policy question. Joe Abley (Jan 13)
- Re: AW: Odd policy question. william(at)elan.net (Jan 13)
- Re: AW: Odd policy question. Martin Hannigan (Jan 13)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 14)
- Re: AW: Odd policy question. Randy Bush (Jan 14)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 14)
- Re: AW: Odd policy question. Randy Bush (Jan 14)
- Re: AW: Odd policy question. Jeffrey I. Schiller (Jan 14)
- Re: AW: Odd policy question. David W. Hankins (Jan 17)
- Re: AW: Odd policy question. Valdis . Kletnieks (Jan 14)
- Re: AW: Odd policy question. Joseph S D Yao (Jan 14)
- Re: AW: Odd policy question. Martin Hannigan (Jan 13)
- Re: AW: Odd policy question. Christopher L. Morrow (Jan 13)
- Re: AW: Odd policy question. Martin Hannigan (Jan 13)
- Re: AW: Odd policy question. Florian Weimer (Jan 14)
- Re: AW: Odd policy question. William Yardley (Jan 13)
- Re: AW: Odd policy question. Randy Bush (Jan 13)
- Re: AW: Odd policy question. David W. Hankins (Jan 13)