Vernon Schryver <[email protected]> wrote: > > From: Tony Finch <[email protected]> > > > > In addition to vjs's points, note that DNSSEC makes theft of a domain > > even more visible because it is likely to cause horrible breakage for > > validating users. > > I didn't mention those alarms, because I assumed the domain was > stolen at the registrar or in the registry so that glue and DS > records would be corrected by the adversary.
I assumed that too :-) It's a common problem (see Educause recently...) The problem occurs because it is likely for caches to contain different parts of the validation chain (DS from parent, DNSKEYs and RRSIGs from child) from before and after the hack. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
