

Identity Theft Hits the Root Name Servers - babul
http://www.renesys.com/blog/2008/05/identity_theft_hits_the_root_n_1.shtml

======
babul
These bogus servers appeared to be providing correct responses, so what do you
think the people running these bogus root servers got out of it?

Perhaps redirects of just a handful of sites for some reason?

~~~
xirium
Some of the activity could be entirely innocent. For example, if you're an
ISP, answering queries on the old address would reduce traffic. Other sites
may do it to increase reliability and with no intention of the route becoming
public.

10 years ago, there were a few parties offering your own TLD for US$500 per
year or more. (This is trivial to configure within BIND.) Unfortunately, it
only worked if you used specific name servers. For a site wanting its own
intranet TLD, it would be trivial to configure if they used the default name
server addresses and therefore any change of root server address could cause
any number of sites to inadvertently broadcast routes.

Highlighting these "rogue" servers could be a ploy to discourage the use of
autonomous root servers. ICANN is keen to note that any fragmentation of DNS
threatens the stability of teh iNterweb, or somesuch tosh. However, in this
case, ICANN's decision to move the address of a root server was very badly
publicised and will cause ongoing problems for decades.

~~~
babul
Thanks Dean. Interesting.

On a side note it was great to meet you at the TC event at the Festival Hall
last week.

