Subject: [DNSOP] Fw: New Version Notification for draft-zuo-dnsop-delegation-confirmation-00.txt Date: Tue, Jan 02, 2024 at 03:35:03PM +0800 Quoting zuop...@cnnic.cn (zuop...@cnnic.cn): > Hi all, > We submitted a draft about DNS delegation confirmation. In the > current DNS delegation mechanism, a delegated zone/child zone can specify any > NS records at the zone apex without requiring confirmation from the zone > maintaining Glue records of these NS record. This could be exploited to lunch > new types of attacks such as NXNSattack. This draft suggests a > lightweight and backward-compatible mechanism to mitigate the risk of these > attacks.
DNSSEC solves most of this, as other replies have concluded. Effort should be directed towards deployment of existing solutions. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 The SAME WAVE keeps coming in and COLLAPSING like a rayon MUU-MUU ...
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
