[62279] in North American Network Operators' Group
Re: News of ISC Developing BIND Patch
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Sep 17 08:10:56 2003
Date: Wed, 17 Sep 2003 14:10:32 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Simon Waters <Simon@wretched.demon.co.uk>
Cc: Nanog Mailing List <nanog@merit.edu>
In-Reply-To: <3F684B56.10308@wretched.demon.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 17 Sep 2003, Simon Waters wrote:
> As such any root server operator can potentially hijack a significant
> amount (majority?) of Internet traffic, at least if no one notices
> something odd, and figures out what is going on too quickly. This is DNS
> security 101...
> A single rogue root server could be very messy to cleanup after if the
> person in control of the rogue server were skilled in the art (and root
> server operators are suppose to be so skilled to get the job).
Fortunately people will start noticing within minutes if not seconds. A
quick manual purge of the resolver cache should suffice for cleanup once
the problem itself has been fixed.
