nanog mailing list archives

Re: New addresses for b.root-servers.net


From: niels=nanog () bakker net
Date: Sun, 18 Jun 2023 20:06:08 +0200

* nanog () as397444 net (Matt Corallo) [Sun 18 Jun 2023, 19:12 CEST]:
> If it's not useful, please describe a mechanism by which an average recursive resolver can be protected against someone hijacking C root on Hurricane Electric (which doesn't otherwise have the announcement at all, last I heard) and responding with bogus data?

No comment on DNSSEC but lg.he.net indicates that they do in fact carry a route to C-root:
---
1       76 ms   *       *       port-channel2.core2.pao1.he.net (72.52.92.65)
2       44 ms   63 ms   78 ms   palo-b24-link.ip.twelve99.net (195.12.255.209)
3       55 ms   66 ms   103 ms  cogent-ic-344188.ip.twelve99-cust.net (62.115.174.65)
4       74 ms   57 ms   120 ms  be2431.ccr41.sjc03.atlas.cogentco.com (154.54.88.189)
5       142 ms  99 ms   79 ms   be3142.ccr21.sjc01.atlas.cogentco.com (154.54.1.193)
6       53 ms   75 ms   111 ms  be3176.ccr41.lax01.atlas.cogentco.com (154.54.31.189)
7       82 ms   133 ms  85 ms   te0-0-2-0.c-root.lax01.atlas.cogentco.com (154.54.27.138)
8       60 ms   152 ms  84 ms   c.root-servers.net (192.33.4.12)
Entry cached for another 60 seconds. 2023-06-18 17:57:17 UTC
---

I don't see any ROAs for AS2149's two originated prefixes, though: https://irrexplorer.nlnog.net/prefix/192.33.4.0/24 so hijacks might still be easier than they could be.

Regards


        -- Niels.
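
The point about missing ROAs, as an added example that is not part of the original post: a minimal RFC 6811 route origin validation in Python. The VRP table is constructed (documentation prefix and ASNs) and deliberately has no entry covering 192.33.4.0/24, matching what the post reports; `validate_origin` and `VRPS` are names chosen for this example.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin_asn).
# Documentation prefix/ASN only. No entry covers 192.33.4.0/24, mirroring
# what the post observed on IRR Explorer.
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_length, vrp_asn in vrps:
        # A VRP covers the route when the route is equal to, or more
        # specific than, the VRP prefix (same address family).
        if route.version != vrp_prefix.version or not route.subnet_of(vrp_prefix):
            continue
        covered = True
        # Match needs the same origin AS and a length within max_length.
        # AS0 in a VRP never matches any route.
        if vrp_asn != 0 and origin_asn == vrp_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered but never matched -> invalid; no covering VRP -> not-found.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    # Without a ROA, every origin for the prefix is 'not-found', so a network
    # that drops only 'invalid' routes has nothing to reject.
    for asn in (2149, 64511):
        print("192.33.4.0/24", asn, validate_origin("192.33.4.0/24", asn))
    # Hypothetical: if a ROA for AS2149 existed, other origins become 'invalid'.
    with_roa = VRPS + [(ipaddress.ip_network("192.33.4.0/24"), 24, 2149)]
    for asn in (2149, 64511):
        print("with ROA", asn, validate_origin("192.33.4.0/24", asn, with_roa))
```
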

