1. The Domain Name System and Internet Still Survive Presented by: Ao-Jan Su

2. Please clarify Section 4. : Two recent survey by Pappas and Ramasubramanian… most domain names are served by a small number of nameservers. Abstract: The survey shows that a typical name depends on 46 servers on average. Which one is correct?

3. Ordered Records (Large TCB is not an important issue) Most DNS queries use the first entry in the ordered list It is very unlikely to ask Rochester for Cornell’s IP address ;; QUESTION SECTION: ;cornell.edu. IN A ;; ANSWER SECTION: cornell.edu. 86400 IN A 128.253.161.179 ;; AUTHORITY SECTION: cornell.edu. 432000 IN NS dns.cit.cornell.edu. cornell.edu. 432000 IN NS cudns.cit.cornell.edu. cornell.edu. 432000 IN NS simon.cs.cornell.edu. cornell.edu. 432000 IN NS bigred.cit.cornell.edu. cornell.edu. 432000 IN NS cayuga.cs.rochester.edu.

4. Hijack FBI (DNS design ’ s fault?) reston-ns2.telemail.net is running an old nameserver (BIND 8.2.4) It is the vulnerability of software (server) NOT the design of DNS. This problem can be easily detected and corrected (by scanning the versions of BIND in the nameservers periodically and keep the software up to date)

5. OK,.edu and.org are Lazy But, this also implies that hackers have very little interest in hijacking these domains. Or cs.northwestern.edu would be hijacked now! Same reason goes to Ukraine, Belarus, San Marino, Malta… BTW Can you give me some examples of domains with.aero and.int?

6. Conclusion Don’t blame on DNS for vulnerability (bugs) of BIND TCB is not a good representation of daily DNS operations (extreme conditions should not count the same weight as normal cases) However, I agree that.edu and.org nameservers should update their BIND as soon as possible

7. Thank you.