The whole alternate-root ${STATE}horse

Todd Vierling tv at duh.org
Sat Jul 9 17:51:46 UTC 2005


On Sat, 9 Jul 2005, Jay R. Ashworth wrote:

> I'm going to dive in one more time here.
>
> It's not the *root* operators that are the problem -- it's the *TLD*
> zone operators.

Oh, I can certainly agree with that; we've seen some gross abuses of TLDs
documented in gory detail right here on the NANOG list.

Of course, that too is orthogonal to who provides the delegations in "." --
except that perhaps some misguided souls are, as is relatively common,
confusing the two realms.

> > Introducing fragmented TLDs or the opportunity to supplant the common TLDs
> > places the DNS infrastructure at risk.  This is not just FUD -- DNS
> > hijacking in alternate roots has already happened.  (But if you had actually
> > read RFC2826, you would already understand this.)
>
> "infrastructure at risk".  Justify this *far-reaching* statement,
> please.  Show your work.

AlterNIC overriding .COM and .NET listings, one of the issues leading to its
demise.  (This was done in addition to the more memorable cache poisoning
attacks against INTERNIC.NET.)

The risk is uncertainty of name resolution, as the root zone can in fact
override N-level records simply by possessing a more specific name.  Root
servers are queried for the full host (but respond with the NS glue
delegation), not just the first component, which allows for such overriding.

> > Oh wait, your name wouldn't *actually* be Jim Fleming, would it?
>
> <chuckle>

Well, at least some folks remember.  8-)

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
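
As an added illustration of the override the message above describes (this is not part of the original thread, and it is a simplified model rather than real nameserver code), the block below compares a longest-match lookup, in which a record placed below a delegation cut wins over the TLD's NS referral, with a lookup that honours delegation cuts, and adds an audit that flags such occluded records in a zone; the zone contents are constructed.

```python
# Simplified model of how a root-zone operator can shadow a TLD delegation
# by carrying a more specific owner name. Zone = dict: owner -> [(rrtype, rdata)].
# Constructed sample data; the "www.example.com." entry stands in for a record
# an alternate root might add to override .COM.
ROOT_ZONE = {
    ".": [("SOA", "example-root")],
    "com.": [("NS", "a.gtld-servers.net.")],
    "net.": [("NS", "a.gtld-servers.net.")],
    "www.example.com.": [("A", "192.0.2.66")],
}

def ancestors(qname):
    """Yield qname and each enclosing name up to the apex, most specific first."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    for i in range(len(labels) + 1):
        yield ".".join(labels[i:]) + "."

def has_ns(zone, name):
    """True when the zone holds an NS record (a delegation) at name."""
    return name in zone and any(t == "NS" for t, _ in zone[name])

def lookup_longest_match(zone, qname):
    """The behaviour the mail describes: the most specific owner wins, so an
    explicit record under 'com.' is served instead of the NS referral."""
    for name in ancestors(qname):
        if name in zone:
            return name, zone[name]

def lookup_honouring_cuts(zone, qname):
    """Hardened lookup: walk from the apex down and stop at the first
    delegation, so data occluded beneath a cut is never answered."""
    for name in reversed(list(ancestors(qname))):
        if name != "." and has_ns(zone, name):
            return name, zone[name]
    return lookup_longest_match(zone, qname)  # no cut on the path

def shadowed_names(zone):
    """Audit: (name, delegation) pairs where data sits beneath a delegation
    made elsewhere in the same zone. A clean root zone yields an empty list."""
    found = []
    for name in zone:
        for anc in list(ancestors(name))[1:]:
            if anc != "." and has_ns(zone, anc):
                found.append((name, anc))
                break
    return found

if __name__ == "__main__":
    print(lookup_longest_match(ROOT_ZONE, "www.example.com."))
    print(lookup_honouring_cuts(ROOT_ZONE, "www.example.com."))
    print(shadowed_names(ROOT_ZONE))
```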
