Claiming Authority for root

Barry Margolin barmar at genuity.net
Thu Jun 29 19:54:18 UTC 2000


In article <4.2.2.20000629211918.00cf9790 at nordic.cisco.com>,
Johnny Fribert Lauridsen  <jlaurids at cisco.com> wrote:
>
>At 12:24 29/06/2000 -0600, Allen Bettiyon wrote:
>>This is exactly my concern.  I am wondering how many name servers out
>>there would actually be 'stupid' enough to ask me for root request.  One
>>would think that the only people asking my server would be those whose
>>NS records point to my name servers from the 'real' root servers. 
>>However, I have heard rumors that some implementations of DNS will do
>>otherwise.
>
>Correct, in some DNS SW you can alter the roots and add and delete root
>name servers as you wish.

You can do this in all of them.  But the question is why anyone would
intentionally put his server in their root server list if they didn't want
to be "hijacked" by his version of the root domain.

As I mentioned in another message, the problem is that when his server
answers queries, it will include the NS records for the zone that the
queries came from in the Authority Records section of the response.  Since
he's putting records directly into the root zone, he'll send root NS
records in his responses.  Other servers may then cache those records.

Actually, there's one way I can think of to avoid causing problems with
this.  Even though your server is authoritative for the root zone, it
doesn't need to list itself in the NS records in the zone.  Put all the
standard ROOT-SERVER.NET NS records in your root zone, and they'll be
copied into the Authority Records section of the replies.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
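
A check for the arrangement suggested in the message above, added here as an example (not code from the post or from BIND): it reads a private root zone and reports any apex NS names outside a.root-servers.net through m.root-servers.net, which are the names the server would copy into the Authority section of its replies. The zone text and ns1.example.net are constructed, and the parser handles only simple master-file lines.

```python
import string

# a.root-servers.net through m.root-servers.net, the 13 standard root server names.
STANDARD_ROOTS = {f"{c}.root-servers.net." for c in string.ascii_lowercase[:13]}

def apex_ns(zone_text, apex="."):
    """Return the NS targets owned by the zone apex in master-file style text."""
    targets, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                   # blank line or $TTL/$ORIGIN
        fields = line.split()
        if not raw[0].isspace():                       # leading blank: same owner as before
            owner = fields.pop(0)
        # Skip the optional TTL and class fields that precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        # "@" is treated as the apex (assumes $ORIGIN is the root).
        if len(fields) >= 2 and fields[0].upper() == "NS" and owner in (apex, "@"):
            targets.append(fields[1].lower())
    return targets

def nonstandard_root_ns(zone_text):
    """Apex NS names that a remote cache could store as root servers but are not standard."""
    return sorted(set(apex_ns(zone_text)) - STANDARD_ROOTS)

# Constructed sample zones; ns1.example.net is a hypothetical private server.
SELF_LISTED = """\
$TTL 86400
.       IN SOA ns1.example.net. hostmaster.example.net. 1 3600 900 604800 86400
.       IN NS  ns1.example.net.
priv.   IN NS  ns1.example.net.
"""
STANDARD_ONLY = """\
$TTL 86400
.       IN SOA ns1.example.net. hostmaster.example.net. 1 3600 900 604800 86400
.       IN NS  A.ROOT-SERVERS.NET.
        IN NS  B.ROOT-SERVERS.NET.   ; owner inherited from the line above
priv.   IN NS  ns1.example.net.
"""

if __name__ == "__main__":
    for label, zone in (("self-listed", SELF_LISTED), ("standard-only", STANDARD_ONLY)):
        print(label, "->", nonstandard_root_ns(zone) or "only standard root NS at apex")
```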



More information about the bind-users mailing list