To: "Perry E. Metzger" <perry@wasabisystems.com>
Cc: Havard Eidnes <he@runit.no>, seamus@bit-net.com, users@ipv6.org, dnsop@cafax.se, ngtrans@sunroof.eng.sun.com
From: Randy Bush <randy@psg.com>
Date: Fri, 19 Jan 2001 14:44:06 -0800
Sender: owner-dnsop@cafax.se
Subject: Re: IPv6 dns

>> bad aim. the worry is not AAAA and A6 RRs. it is bogus NS RR for the root
>> zone.
>
> In what way will actual AAAA or A6 records for root zone hosts be
> "bogus"?

again, lack of specifics of a test plan doesn't make answering ANY questions easy. but once again and again and again and again ...

  o if you deploy a rogue root server
  o its ip address will be cached in other servers
  o and one or more of those servers may indirectly pass that additional data to deployed v4 binds that are quite vulnerable to cache poisoning

and yes, that is old vulnerable software and should be updated. but it is not our prerogative to break it any more than it is a cracker's prerogative to break into a vulnerable site.

and once again and again and again and again ... this is just one worry about one *rumored* experiment. without a statement of specifically what needs to be tested, and the corresponding test plan, discussion of vulnerabilities in a non-existent test plan is tenuous at best.

randy