[134235] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: .gov DNSSEC operational message

daemon@ATHENA.MIT.EDU (Tony Finch)
Thu Dec 30 15:12:26 2010

In-Reply-To: <20101229165652.GB2294@vacation.karoshi.com.>
From: Tony Finch <dot@dotat.at>
Date: Thu, 30 Dec 2010 20:11:19 +0000
To: "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 29 Dec 2010, at 16:56, bmanning@vacation.karoshi.com wrote:
>=20
>    presuposes the attack was server directed.  the DNS-sniper will take
>    out your locally configured root KSK &/or replace it w/ their own.

If they can do that then you have MUCH bigger problems than authenticity of D=
NS replies.

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/=


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[134235] in North American Network Operators' Group

Re: .gov DNSSEC operational message

daemon@ATHENA.MIT.EDU (Tony Finch)Thu Dec 30 15:12:26 2010

daemon@ATHENA.MIT.EDU (Tony Finch)
Thu Dec 30 15:12:26 2010