Once upon a time, Sanford Whiteman <[EMAIL PROTECTED]> said:
> Dave, you are certainly correct. We just performed a giant name server
> migration and can verify that NSI's database has dual primary keys, or
> what-have-you, that prevent the attack. A name server's IP address can only
> be associated with one NIC handle...once you bind a hostname to the IP, the
> hostname is bound to the NIC handle as well. The only way to change this
> information is to be the contact for the name server's domain. No one else
> can duplicate either of the keys.
What you are missing is this: if a domain has name servers that do NOT
exist in the root server list, they can be changed. The original
example of hotmail.com was a good one.
hotmail.com. 12m40s IN NS ns3.hotmail.com.
hotmail.com. 12m40s IN NS ns1.jsnet.com.
hotmail.com. 12m40s IN NS ns1.hotmail.com.
ns1.jsnet.com is not a registered name server, so you could try to
register an IP address for it other than its real address.
Now, if NetSol (and all of the registrars) restrict registration of a
name server to the technical/zone contacts for the domain (jsnet.com in
the above case), you _should_ still be okay.
--
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.
