oss-sec mailing list archives
Re: Root name server changes -> bind
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 22 May 2008 11:31:55 +0200
* Jonathan Smith:
Why did ICANN allow the old IP address to be taken by an untrusted party?
The party isn't untrusted (they're still involved in operating the B root). They're not a third party, either, they're the legitimate owner of that address block. ICANN should have arranged for a longer transition period, as it was done in previous transitions (I think a few older address still respond to queries).
It would seem that IPs formerly used by root DNS servers should be permanently retired to prevent just this sort of thing.
There's no way to retire an IP address, especially if it is located in a network prefix that is still in production (which was a driving force behind most past root servers migrations).
Current thread:
- Root name server changes -> bind Marcus Meissner (May 21)
- Re: Root name server changes -> bind Jonathan Smith (May 21)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Jonathan Smith (May 22)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Jonathan Smith (May 21)
- Re: Root name server changes -> bind Steven M. Christey (May 21)
- Re: Root name server changes -> bind security curmudgeon (May 21)
- Re: Root name server changes -> bind Mark J Cox (May 22)
- Re: Root name server changes -> bind security curmudgeon (May 21)
- Re: Root name server changes -> bind Thijs Kinkhorst (May 22)
- Re: Root name server changes -> bind Marcus Meissner (May 23)