[AusNOG] Anonymous planning a root-servers party
Mark Andrews
marka at isc.org
Fri Feb 17 10:32:23 EST 2012
In message <1329431238.2732.13.camel at ilion>, Glen Turner writes:
> I don't get why the root servers? It's easy to get a copy of the root
> servers' zone file (or even reverse-engineer it, since the TLDs are well
> known and "dig ns" will provide the nameservers for each TLD). Then you
> configure named with static-stub to serve that copy. So even if the
> attack is successful, for the root zone there is a simple and effective
> work around which will allow the customers which use your forwarder to
> happily go about their business.
You can even do that with views and validate the answers.
managed-keys {
    . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
};
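view "secure" {
    // Recursive queries from local networks are answered here and
    // validated using the managed-keys trust anchor.
    match-clients { localnets; };
    match-recursive-only yes;
    server 127.0.0.1 {
        // The TSIG key "external" needs its own key statement (not shown).
        keys { external; };
    };
    zone "." {
        type static-stub;
        server-addresses { 127.0.0.1; };
    };
    zone "dv.isc.org" {
        type static-stub;
        server-addresses { 127.0.0.1; };
    };
};
view "external" {
    // Queries without the RD bit skip the "secure" view and are answered
    // here from the slaved zone copies.
    match-clients { localnets; };
    recursion no;
    allow-recursion { none; };
    zone "." {
        type slave;
        file "slave/root";
        masters { 192.5.5.241; };
    };
    zone "dv.isc.org" {
        type slave;
        file "slave/dv.isc.org";
        masters { bsdi.dv.isc.org; };
    };
};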
> --
> Glen Turner <http://www.gdt.id.au/~gdt/>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
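
A way to check a deployment of the configuration above, added here as an example that is not part of the original message: the function reads dig output and uses the header flags to tell which view answered and whether the answer was validated. The function names and the dig samples are constructed for illustration, and the live commands in the comments assume named listens on 127.0.0.1.

```shell
#!/bin/sh
# Classify a dig response (on stdin) for the two-view setup in this message.
# Live use (assumption: named with that config listens on 127.0.0.1):
#   dig @127.0.0.1 . SOA +dnssec    | classify_view   # want: secure-validated
#   dig @127.0.0.1 . SOA +norecurse | classify_view   # want: external-authoritative

# has_flag "<flag list>" <flag>: true if the flag is in the space-separated list
has_flag() { case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac; }

classify_view() {
    out=$(cat)
    rcode=$(printf '%s\n' "$out" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p')
    if [ "$rcode" = "SERVFAIL" ]; then
        echo "failed"                  # validation failed or local copy not loaded
    elif [ "$rcode" != "NOERROR" ]; then
        echo "unknown"
    elif has_flag "$flags" aa; then
        echo "external-authoritative"  # served straight from the slaved zone
    elif has_flag "$flags" ra && has_flag "$flags" ad; then
        echo "secure-validated"        # recursive view, DNSSEC chain checked
    elif has_flag "$flags" ra; then
        echo "secure-unvalidated"      # recursive view answered, no AD flag
    else
        echo "unknown"
    fi
}

# Constructed dig header lines (not captured from a real server).
sample_secure() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_external() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_noad() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

for s in sample_secure sample_external sample_noad; do
    printf '%s: %s\n' "$s" "$($s | classify_view)"
done
```

A result of secure-unvalidated on a signed name is the case to investigate: the forwarder is answering from the local copy but is not validating.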