nanog mailing list archives
Re: DNS was Re: Internet Vulnerabilities
From: Randy Bush <randy () psg com>
Date: Fri, 05 Jul 2002 10:01:31 -0700
> Now that we've seen enough years of experience from Genuity.orig, UltraDNS, Nominum, AS112, and {F,K}.root-servers.net, we're seriously talking about using anycast for the root server system.

without dnssec, how do we differentiate this from a routing attack on the roots?

the as112 anycast thingie is fine, as who cares if someone attacks reverse servers for bogus requests. attacking bogosity is good. :-)

the decade of sprint, uunet, ... running anycast caching is within an isp is risky, but they are responsible for their own security and fate.

beyond that, security and anycast don't mix well without the data being authenticated, e.g. dnssec.

randy