> > I just compared the root zone as RedHat shipped it on Fri 07 Sep 2001,
> > with the root zone as published on root-servers.org, and only B and J
> > are different. So even using a 6 year old root zone will work fine in
>
> That is the 'hints' file - the discussion is about the full root zone
On Sat, Feb 10, 2007 at 09:50:43PM +0100, Paul Wouters wrote:
> On Sat, 10 Feb 2007, Pekka Savola wrote:
>
> > As Bert mentioned in the next message, the risk of outdated (and therefor
> > out-of-sync) roots is real.
>
> I just compared the root zone as RedHat shipped it on Fri 07 Sep 2001,
> wit
On Sat, Feb 10, 2007 at 09:50:43PM +0100, Paul Wouters wrote:
> On Sat, 10 Feb 2007, Pekka Savola wrote:
>
> > As Bert mentioned in the next message, the risk of outdated (and therefor
> > out-of-sync) roots is real.
>
> I just compared the root zone as RedHat shipped it on Fri 07 Sep 2001,
> wit
--On lördag, lördag 10 feb 2007 21.50.43 +0100 Paul Wouters
<[EMAIL PROTECTED]> wrote:
> On Sat, 10 Feb 2007, Pekka Savola wrote:
>
>> As Bert mentioned in the next message, the risk of outdated (and therefor
>> out-of-sync) roots is real.
>
> I just compared the root zone as RedHat shipped it o
On Sat, 10 Feb 2007, Ted Lemon wrote:
> To me, that is the sole use of reverse lookups. It is useful, and it's good
> if people populate the reverse tree as a habit because it helps in this way.
> But it is entirely correct to say that using the contents of the reverse tree
> to make automatic d
On Sat, 10 Feb 2007, Pekka Savola wrote:
> As Bert mentioned in the next message, the risk of outdated (and therefor
> out-of-sync) roots is real.
I just compared the root zone as RedHat shipped it on Fri 07 Sep 2001,
with the root zone as published on root-servers.org, and only B and J
are diffe
On Feb 7, 2007, at 8:14 AM, Robert Story wrote:
You are quite right, however, that I would be daft to have a firewall
rule to a control port of a router that looked like 'good-guy.*
ALLOW'.
But that doesn't mean that the first use is unreasonable.
Actually, I would argue that the first use *
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
> Joe Abley, then Peter Koch say:
>
>>> I also don't know of any formal undertaking by any of the current
>>> "real" root nameserver operators to leave un-authenticated [AI]XFR
>>> access to their servers for the root zon
Joe Abley, then Peter Koch say:
> > I also don't know of any formal undertaking by any of the current
> > "real" root nameserver operators to leave un-authenticated [AI]XFR
> > access to their servers for the root zone open, so there's the
> > operational issue of needing to verify regular
well, f-root is not RFC 2870 compliant on this point and never has been.
; <<>> DiG 9.3.1 <<>> @f.root-servers.net . axfr
; (2 servers found)
;; global options: printcmd
...
;; Query time: 505 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Sat Feb 10 17:54:15 2007
;; XFR size: 2480 records
> On Fri, Feb 09, 2007 at 11:09:51AM -0500, Joe Abley wrote:
>
> > root nameservers is TSIG-signed access to the zone data. This seems
> > like it introduces an additional attack vector for someone who wants
> > to subvert the root zone; you could announce a bogus route which
> > covers a r
On Fri, Feb 09, 2007 at 11:09:51AM -0500, Joe Abley wrote:
> root nameservers is TSIG-signed access to the zone data. This seems
> like it introduces an additional attack vector for someone who wants
> to subvert the root zone; you could announce a bogus route which
> covers a root server's
Folks,
> The DRAFT agenda for the 68th IETF Meeting can be found at:
> https://datatracker.ietf.org/public/meeting_agenda_html.cgi?meeting_num=68.
> Please note that the agenda is in draft form and is subject to change.
the preliminary assignment is a 2:10 hrs slot on Monday evening 17:40-19:50
13 matches
Mail list logo
