To:
Bill Manning <bmanning@isi.edu>
Cc:
moore@cs.utk.edu (Keith Moore), randy@psg.com (Randy Bush), he@runit.no (Havard Eidnes), seamus@bit-net.com, users@ipv6.org, dnsop@cafax.se, ngtrans@sunroof.eng.sun.com
From:
"Perry E. Metzger" <perry@piermont.com>
Date:
21 Jan 2001 13:58:57 -0500
In-Reply-To:
Bill Manning's message of "Sun, 21 Jan 2001 10:04:12 -0800 (PST)"
Sender:
owner-dnsop@cafax.se
Subject:
Re: (ngtrans) Re: IPv6 dns
Bill Manning <bmanning@ISI.EDU> writes: > THe last time it was seriously raised was at the Joint IETF/ISOC mtg in > Montreal. The failure modes are pretty spectactular, at least until > DNSsec is deployed and applications can verify the accuracy of the data > received from a root server. You can probably manage to forge data in a significant way right now -- I'm not sure host routes in the DFZ would make that substantially worse. It is also possible to use standard policy mechanisms to note attempts to hijack one of the routes... .pm