[Dnssec-deployment] "Two Strikes For the I-root"
Michael Richardson
mcr at sandelman.ca
Sun Jun 13 14:44:26 EDT 2010
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> On Fri, 11 Jun 2010, Paul Wouters wrote:
Paul> Ooops, here is the link :)
Paul> http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml
So, the interesting part is:
    dig @dns1.chinatelecom.com.cn. www.facebook.com.
    ...
    www.facebook.com. 11556 IN A 37.61.54.158
    www.facebook.com. 24055 IN A 78.16.49.15
    www.facebook.com. 38730 IN A 203.98.7.65
and the note that:
"None of these IP addresses has anything to do with Facebook. In
fact, addresses starting with 37 haven't even been allocated by IANA as
of this writing."
Whether or not this is evidence that i-root is serving wrong answers, or
that packets are being modified in flight, or that "dns1.chinatelecom.com.cn"
is answering with forged answers is irrelevant.
DNSSEC was designed to deal with all three issues.
Until we have DNSSEC, we won't know if Renesys was right or wrong.
(The relevance of the note is more relevant to IPv6 advocates... )
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.