In article <[email protected]>, Joseph S D Yao <[email protected]> wrote:
> [This does leave a security hole - if a root name server's IP changes,
> and a Bad Guy gets the old one; or on another internet, if the Bad Guy
> gets all the IP addresses in the default file. It's not just lust for
> control that has me using a visible root hints file.]

I'm sure the folks who run these networks are quite aware of this danger. If a root server changes, I'll bet it will be several years before the old address goes to some other organization.

How would a Bad Guy get these blocks, anyway? Since when do organizations return IP blocks? And if you check the registrations, several of them are assigned specifically to reserve the blocks for root servers. Presumably the intent is that even if the organizations operating them change, the IPs shouldn't -- they simply route the IPs to someone else.

inetnum:      202.12.27.0 - 202.12.27.255
netname:      NSPIXP-2
descr:        root DNS server

NetRange:     199.7.83.0 - 199.7.83.255
CIDR:         199.7.83.0/24
OriginAS:     AS20144
NetName:      L-ROOT

-- 
Barry Margolin, [email protected]
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users

