root hints
Barry Margolin
barmar at alum.mit.edu
Sat Jan 29 04:12:29 UTC 2011
In article <mailman.1562.1296270623.555.bind-users at lists.isc.org>,
Joseph S D Yao <jsdy at tux.org> wrote:
> [This does leave a security hole - if a root name server's IP changes,
> and a Bad Guy gets the old one; or on another internet, if the Bad Guy
> gets all the IP addresses in the default file. It's not just lust for
> control that has me using a visible root hints file.]
I'm sure the folks who run these networks are quite aware of this
danger. If a root server changes, I'll bet it will be several years
before the old address goes to some other organization.
How would a Bad Guy get these blocks, anyway? Since when do
organizations return IP blocks?
And if you check the registrations, several of them are assigned
specifically to reserve the blocks for root servers. Presumably the
intent is that even if the organizations operating them change, the IPs
shouldn't -- they simply route the IPs to someone else.
inetnum: 202.12.27.0 - 202.12.27.255
netname: NSPIXP-2
descr: root DNS server

NetRange: 199.7.83.0 - 199.7.83.255
CIDR: 199.7.83.0/24
OriginAS: AS20144
NetName: L-ROOT
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
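
Added example, not part of the original post: a check that compares the address records in a local root hints file against a reference copy and reports addresses the resolver would still prime from but that the reference no longer lists. The server names and addresses are constructed (documentation ranges), and the reference copy is assumed to have been obtained over a channel you trust.

```python
import ipaddress

# Constructed sample data: hypothetical names, documentation-range addresses
# (RFC 5737 / RFC 3849). These are not real root server addresses.
LOCAL_HINTS = """\
; constructed local hints file
.                     3600000      NS    X.ROOT.EXAMPLE.
X.ROOT.EXAMPLE.       3600000      A     192.0.2.1
.                     3600000      NS    Y.ROOT.EXAMPLE.
Y.ROOT.EXAMPLE.       3600000      A     198.51.100.7
Y.ROOT.EXAMPLE.       3600000      AAAA  2001:db8::7
"""

REFERENCE_HINTS = """\
; constructed reference copy in which Y's IPv4 address has changed
.                     3600000  IN  NS    x.root.example.
x.root.example.       3600000  IN  A     192.0.2.1
.                     3600000  IN  NS    y.root.example.
y.root.example.       3600000  IN  A     203.0.113.7
y.root.example.       3600000  IN  AAAA  2001:DB8::7
"""

def parse_hints(text):
    """Return the set of (server_name, ip_address) from A/AAAA records.

    Assumes one record per line with an explicit owner name, which is how
    hints files are normally laid out; NS lines and comments are skipped.
    """
    glue = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comment
        if len(fields) >= 3 and fields[-2].upper() in ("A", "AAAA"):
            name = fields[0].lower().rstrip(".")    # names are case-insensitive
            glue.add((name, ipaddress.ip_address(fields[-1])))
    return glue

def compare_hints(local_text, reference_text):
    """Report addresses only in the local file (stale) or only in the reference."""
    local, ref = parse_hints(local_text), parse_hints(reference_text)
    return {
        "stale": sorted((n, str(a)) for n, a in local - ref),
        "missing": sorted((n, str(a)) for n, a in ref - local),
    }

if __name__ == "__main__":
    for kind, entries in compare_hints(LOCAL_HINTS, REFERENCE_HINTS).items():
        for name, addr in entries:
            print(f"{kind}: {name} {addr}")
```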