I think this problem has a solution in IPv6, but I am not sure for IPv4. The
current draft, cga-tsig proposed to automate the process of authentication of
resolvers (DNS query resolution) and DNS servers (DNS update) in a secure
manner.
You can take a look on that draft.
Best,
Hosnieh
> On August 27, 2013 at 5:56 PM Joe Abley <[email protected]> wrote:
>
>
> Just saying :-)
>
> Begin forwarded message:
>
> > From: "[email protected]" <[email protected]>
> > Subject: [dns-operations] Request To Clear Cache: NYTimes.com
> > Date: 27 August 2013 17:55:19 EDT
> > To: <[email protected]>
> > Reply-To: [email protected]
> >
> > All,
> >
> > I am a DNS Administrator at NYTimes.com. Earlier today we had issues with
> > our registrar updating our NS records on the root servers to a malicious
> > site. The registrar has since locked our domain with the registry on our
> > proper Name Servers. We have had reports that the malicious site that our
> > domain was redirected to was infecting users with malware. It would be a
> > great service to the internet if everyone could please clear their cache
> > for NYTimes.com. I understand that several other large websites/domains
> > are experience the same thing. I would not be surprised if several request
> > like this come in over the list today.
> >
> > Thanks,
> > David Porsche
> > Systems Administrator
> > The New York Times
> > _______________________________________________
> > dns-operations mailing list
> > [email protected]
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > dns-jobs mailing list
> > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
