Multiple DNS implementations vulnerable to cache poisoning

Joao Damas Joao_Damas at
Thu Jul 10 10:17:08 UTC 2008

I would love to get input on that be it in Dublin or elsewhere, both  
sides: the authoritative server and the recursive validator. We have  
ideas and want to do this but I will not claim to be the owner of THE  
TRUTH, so input is much desired.


PS: I would also want a copy of, or a secure method to access, the  
public part of the keys you use to sign those ccTLDs so I can place  
them in ISC's DLV registry

On 10 Jul 2008, at 01:17, Randy Bush wrote:

> David Conrad wrote:
>>>> There are 4 ccTLDs (se, bg, pr, br) that are signed.
>>> wanna crawl in a corner in dublin and i can sign a few?
>> Love to.  We can also put your trust anchors in the prototype ITAR  
>> (see
>> the first part of
> aside from just getting some cctlds signed, i will be interested in  
> the
> tools, usability, work flow, ...  i.e. what is it like for a poor
> innocent cctld which wants to sign their zone?
> randy

More information about the NANOG mailing list