On Tue, Aug 12, 2014 at 06:59:37PM +0200, Stephane Bortzmeyer <[email protected]> wrote a message of 14 lines which said:
> The author says "your domain name registrar can introduce an error to > the root domain database and match your domain to an incorrect DNS > servers (this actually happened earlier in history of some domain > registrars)" but my human memory cannot find an actual documented > case. Anyone can mention one or was it just speculation? One case mentioned by Tony which is not exactly that, but close: http://news.netcraft.com/archives/2005/01/18/lapse_at_melbourne_it_enabled_panixcom_hijacking.html One mentioned in ANSSI's guide on DNS: http://blogs.cisco.com/security/hijacking-of-dns-records-from-network-solutions/ [If you take Network Solutions' words literally...] > DNSSEC would have mitigated the problem if the domain had been > properly managed, which was apparently not the case. Someone asked me to be more precise: if the DNS hoster does both the provisioning (including the signing) and the publication on its DNS servers, then, DNSSEC would not help (GIGO). But if the user does the provisioning / signing, and relies on the DNS hoster just for publication (the user being just a stealth master), DNSSEC would protect against blunders by the DNS hoster. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
