North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Hey, SiteFinder is back, again...
On Nov 5, 2007, at 11:54 AM, Steven M. Bellovin wrote:
On Nov 5, 2007, at 8:23 AM, David Lesher wrote:What affect will Allegedly Secure DNS have on such provider hijackings, both of DNS and crammed-in content?
Right. People can run their own caching servers and can set up those servers to do DNSSEC validation after setting up (and maintaining) trust anchors for any DNSSEC signed zone they might want to validate. Of course, if they do this, the NXDOMAIN redirection won't be an issue since the customer will be bypassing the caching server that is doing the redirection...
As an aside, I note that Verizon is squatting on address space allocated to APNIC. From the self-help web page offered to opt out of this "service" (specific to the particular hardware customers might be using, e.g., http://netservices.verizon.net/portal/link/help/ item?case=c32535), they state:
"5. Change the last octet of the Primary & Secondary DNS Server addresses to 14.
You look up the DNS information and the server numbers are:
126.96.36.199 Primary DNS
188.8.131.52 Secondary DNS
You would change the addresses to the following when statically assigning them to the computer or modem/router.
184.108.40.206 Primary DNS
220.127.116.11 Secondary DNS
Note that the .14 is the special set of servers that will opt you out of the DSN Assistance program."
18.104.22.168/8 is delegated to APNIC who have allocated it to CNC Group in China:
% whois -h whois.apnic.net 22.214.171.124 % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 126.96.36.199 - 188.8.131.52 netname: CNCGROUP-BJ descr: CNCGROUP Beijing province network descr: China Network Communications Group Corporation descr: No.156,Fu-Xing-Men-Nei Street, descr: Beijing 100031 country: CN ...