Re: [ga] Root-Servers missing: g.root-servers.net and k.root-servers.net

[Peter Dambier <peter@xxxxxxxx>]

Hello,

I am glad to report they are all back now.
I missed "G" for half a day.

Interestingly enough I found out

; <<>> DiG 9.4.0 <<>> +norec @k.root-servers.net chaos txt id.server
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54798
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.                     CH      TXT

;; ANSWER SECTION:
id.server.              0       CH      TXT     "k1.linx.k.ripe.net"

;; Query time: 83 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Mon Jul 28 18:11:21 2008
;; MSG SIZE  rcvd: 58

I expected "kserver.denic" for Frankfurt, but that is London.
I am told that is due to the peculiar peering policy of DTAG.de, my ISP.

What made my hairs stand on the end was to know that a lot
of people including me, feel ANYCAST is kind of a routing error.

Everybody is concerned about ISPs and Apple to fix their DNS-servers
to hide hide a bug that is as old as Cashpureff's attack.

Nobody thinks how easy it is to steal the /24 anycast cloud of
each one of the root-servers.

There are some 20 "k.root-servers.net, most of them in europe.
Stealing one of them a share of its clients will get you an
awful lot of PCs you can direct to a site with a troyan.

DNSSEC does not prevent it. The poor clients wont even see it.

The patch does not prevent it. There is no need to guess ports
or numbers.


Kind regards
Peter

-- 
Peter and Karin Dambier
Planet Communication and Computing Facility
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@xxxxxxxx
http://www.pccf.net/
http://www.peter-dambier.de/
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/