You are not currently logged in. If you do not have a user account then please consider creating one and logging in before you post your comment. This will allow you to track replies to your comment, and take part in the site much more freely.

To add your comment, fill in all the boxes below and then preview it to make sure you're happy with the way that it looks.

This is the comment you were replying to, attached to the weblog More good news from the world's Prison Guard

#6 Re: More good news from the world's Prison Guard Posted by dkg (216.254.xx.xx) on Sat 14 Apr 2007 at 18:37 glanz said: I do not trust the fascist US government to control anything, including the root zone. I have similar reservations, but i'm not sure what to do about it. How do you act on this distrust? Do you use alternate root servers? Do you have some other means of mapping names to the various information stored by DNS (IP addresses (A RRs), preferred mail exchangers (MX RRs), service providers (SRV RRs), etc)? Do you run any DNS servers yourself, whether for a LAN or publicly on the 'net? If so, how do you cope with the inherent spoofability of the nameservice you offer? Have you investigated how DNSSEC might minimize those risks? DNSSEC also had technical shortcomings with regard to replay attacks, wildcarding, zone enumeration, and NXDOMAIN responses, if my admittedly poor memory serves. Of course, regular DNS is subject to similar (and much worse) security concerns. Are there alternative architectures that you think are worth investigating?

Username:	Anonymous
Title:
Your Comment:
Posting Format:	BBCode HTML Text Plain Text Textile

Inappropriate comments will be removed.

Username:

Password:

[ Advanced Login ]

Register Account