nanog mailing list archives

Re: DNS hijack?

From: Rubens Kuhl <rubensk () gmail com>
Date: Fri, 12 Nov 2021 20:08:12 -0300





DNSSEC would help here.   NetSol's rogue nameserver wouldn't be able to
produce
the signed zone if validation were required.

Nope, they could just remove the DS since they are the registrar for that
domain. DNSSEC only protects against a DNS provider going rogue, not your
own hired registrar.


Rubens

Current thread:

Re: DNS hijack?, (continued)
- - Re: DNS hijack? Jeff Shultz (Nov 11)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Matthew Petach (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Robert L Mathews (Nov 12)
    - Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Richard (Nov 12)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Jim (Nov 12)
    - Re: DNS hijack? Rubens Kuhl (Nov 12)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Stephane Bortzmeyer (Nov 13)
    - Re: DNS hijack? Nick Hilliard (Nov 13)