|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Hey, SiteFinder is back, again...
On Nov 5, 2007, at 11:54 AM, Steven M. Bellovin wrote: On Nov 5, 2007, at 8:23 AM, David Lesher wrote:What affect will Allegedly Secure DNS have on such provider hijackings, both of DNS and crammed-in content? Right. People can run their own caching servers and can set up those servers to do DNSSEC validation after setting up (and maintaining) trust anchors for any DNSSEC signed zone they might want to validate. Of course, if they do this, the NXDOMAIN redirection won't be an issue since the customer will be bypassing the caching server that is doing the redirection... As an aside, I note that Verizon is squatting on address space allocated to APNIC. From the self-help web page offered to opt out of this "service" (specific to the particular hardware customers might be using, e.g., http://netservices.verizon.net/portal/link/help/ item?case=c32535), they state: "5. Change the last octet of the Primary & Secondary DNS Server addresses to 14. Example: You look up the DNS information and the server numbers are: 123.123.123.12 Primary DNS 123.123.123.12 Secondary DNS You would change the addresses to the following when statically assigning them to the computer or modem/router. 123.123.123.14 Primary DNS 123.123.123.14 Secondary DNS Note that the .14 is the special set of servers that will opt you out of the DSN Assistance program." 123.0.0.0/8 is delegated to APNIC who have allocated it to CNC Group in China: % whois -h whois.apnic.net 123.123.123.0 % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 123.112.0.0 - 123.127.255.255 netname: CNCGROUP-BJ descr: CNCGROUP Beijing province network descr: China Network Communications Group Corporation descr: No.156,Fu-Xing-Men-Nei Street, descr: Beijing 100031 country: CN ... Regards, -drc
|