New addresses for b.root-servers.net

Cynthia Revström me at cynthia.re
Sun Jun 18 18:48:48 UTC 2023


Naturally, C root is fine on HE over IPv4; the issue is with IPv6.
2001:500:2::c is not reachable over HE.

-Cynthia

On Sun, Jun 18, 2023 at 8:10 PM <niels=nanog at bakker.net> wrote:
>
> * nanog at as397444.net (Matt Corallo) [Sun 18 Jun 2023, 19:12 CEST]:
> >If it's not useful, please describe a mechanism by which an average
> >recursive resolver can be protected against someone hijacking C root
> >on Hurricane Electric (which doesn't otherwise have the announcement
> >at all, last I heard) and responding with bogus data?
>
> No comment on DNSSEC but lg.he.net indicates that they do in fact
> carry a route to C-root:
> ---
> 1       76 ms   *       *       port-channel2.core2.pao1.he.net (72.52.92.65)
> 2       44 ms   63 ms   78 ms   palo-b24-link.ip.twelve99.net (195.12.255.209)
> 3       55 ms   66 ms   103 ms  cogent-ic-344188.ip.twelve99-cust.net (62.115.174.65)
> 4       74 ms   57 ms   120 ms  be2431.ccr41.sjc03.atlas.cogentco.com (154.54.88.189)
> 5       142 ms  99 ms   79 ms   be3142.ccr21.sjc01.atlas.cogentco.com (154.54.1.193)
> 6       53 ms   75 ms   111 ms  be3176.ccr41.lax01.atlas.cogentco.com (154.54.31.189)
> 7       82 ms   133 ms  85 ms   te0-0-2-0.c-root.lax01.atlas.cogentco.com (154.54.27.138)
> 8       60 ms   152 ms  84 ms   c.root-servers.net (192.33.4.12)
> Entry cached for another 60 seconds. 2023-06-18 17:57:17 UTC
> ---
>
> I don't see any ROAs for AS2149's two originated prefixes, though:
> https://irrexplorer.nlnog.net/prefix/192.33.4.0/24 so hijacks might
> still be easier than they could be.
>
> Regards
>
>
>         -- Niels.
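
Added example, not part of the original thread: a minimal RFC 6811 route origin validation check showing why the missing ROAs mentioned above matter to a network that drops only "invalid" routes. The VRP entry is hypothetical (the thread reports no ROAs for 192.33.4.0/24), and AS64496 is a documentation ASN standing in for an unauthorised origin.

```python
import ipaddress
from typing import Iterable, NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: what a relying party extracts from a ROA."""
    prefix: str
    max_length: int
    asn: int


def rov_state(route_prefix: str, origin_asn: int, vrps: Iterable[VRP]) -> str:
    """Classify a BGP announcement per RFC 6811: valid, invalid or not-found."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route is equal to or more specific
        # than the VRP prefix (same address family).
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # A match needs the same origin AS (AS0 never matches) and a
        # prefix length no longer than the VRP's maxLength.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def accepted_by_rov_router(state: str) -> bool:
    """Common ROV policy: reject only 'invalid'; 'not-found' is still accepted."""
    return state != "invalid"


# Constructed data. The thread says no ROA was visible for this prefix, so the
# first table is empty; the second shows what a ROA for AS2149 would change.
NO_ROA: list = []
HYPOTHETICAL_VRPS = [VRP("192.33.4.0/24", 24, 2149)]
UNAUTHORISED_ASN = 64496  # documentation ASN (RFC 5398), assumption for the demo

if __name__ == "__main__":
    for label, table in (("no ROA", NO_ROA), ("with ROA", HYPOTHETICAL_VRPS)):
        for asn in (2149, UNAUTHORISED_ASN):
            state = rov_state("192.33.4.0/24", asn, table)
            print(f"{label:9} AS{asn:<6} {state:10} accepted={accepted_by_rov_router(state)}")
```

Without a ROA, both origins evaluate to "not-found" and pass the filter; with one, only the AS2149 announcement at /24 is "valid".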

