Multiple DNS implementations vulnerable to cache poisoning

David Conrad drc at virtualized.org
Wed Jul 9 16:59:27 UTC 2008


On Jul 9, 2008, at 9:05 AM, Christopher Morrow wrote:
>> Understanding that immediate DNSSEC deployment
>> is not a realistic expectation..."  I wonder what NANOG folk can do
>> about the second part of that quote...
>
> get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,

There are 4 ccTLDs (se, bg, pr, br) that are signed.
As Joe has indicated, ORG is moving towards signing their zone (as are  
several more ccTLDs).

> that's not nanog... doh!
>
> Pressure your local ICANN officers?

Mmph.  https://ns.iana.org/dnssec/status.html

(it's out of ICANN's hands)

Regards,
-drc





More information about the NANOG mailing list