On May 1, 2006, at 01:15, Bill Larson wrote:
How can the "security of the DNS system" be considered as any better than the security of the parent servers?
Because the parent is not usually authoritative for its children. Sure, the parent could insert bogus delegation info: a fake glue or NS record. But this is little different from a slave server for the child that tells lies about the zone. If anything, a lying slave is probably much worse because the cache poisoning heuristics in a decent implementation will give more credence to what an authoritative child has to say than a non-authoritative parent.
Using an example from the paper. If the FBI has a delegated server that can be easily hijacked, then this would mean that a significant number of queries for information in the "fbi.gov" domain could be subverted with invalid info. This is a security issue and it is not an issue under the direct control of the FBI (except for their decision to base their operation on a third party service).
One would hope that if someone outsources DNS service to a third party, that will be subject to a contract which includes performance levels, problem escalation, response to security incidents as well as criminal or civil penalties for non-compliance. I'd get those safeguards buying a cup of coffee, so why not when buying DNS service?
Isn't this the same type of security issue evaluated with COPS?
I don't think so.