I generally agree with Geoff Huston's thoughts on this subject http://www.potaroo.net/ispcol/2019-04/root.html

Mirror zones (validated zone transfers) fall on the wrong side of the cost/benefit equation for me. But I might change my mind if there were better security for unauthenticated records (NS and glue), e.g.

* xfer-over-TLS - I'm really looking forward to support for authenticated server / anonymous client for zone transfers: nice for local root zones and cross-campus zone distribution.

* zone digests - interesting for end-to-end verification but maybe too complicated?

Mukund Sivaraman <m...@mukund.org> wrote:
>
> There are some Twitter feeds about what kinds of
> changes occur to the root zone and how frequently, e.g.:
>
> https://twitter.com/diffroot

Note that @diffroot does not tweet about changes to glue addresses which happen a lot more frequently than NS and DS changes.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Biscay: Southwest, veering west, 6 to gale 8, occasionally severe gale 9 until later. Rough or very rough becoming very rough or high, becoming very rough later. Thundery showers. Good, occasionally poor.

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations