Ted Lemon <mel...@fugue.com> wrote:
    >> Same way that I got my zone bootstrapped when I first bought it.

    > When you bootstrapped it, you didn't already have a key established.
    > Now you do.  Is the ISP supposed to just trust you when you re-key your
    > zone?  This seems like a nice attack surface.

As Mark said, if it's an ISP-provided zone, then pushing the new DS is done
under the TSIG key that the DHCP established. (So,
ted-lemon-house.isp.example.net, and the reverse map).

If it's fugue.com, then you have to go to your registrar and change DS.
This is largely akin to what you'd do if your key was compromised.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting for hire =-




_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
