On 03/06/2023 23:09, Doug Barton wrote:

Hi Doug,

[snip]

Since the host records are the interesting bit, we do absolutely need to
make sure that we can sanity check them somehow. I'm not sure Chris'
suggestion to essentially "vote" on which host records are the right
ones based on the results returned from polling all the known addresses
is the right solution.

Personally I would love to see the political drama around signing
root-servers.net go away and have that zone signed already.

RSSAC 028 has a detailed analysis of various naming schemes for root
name servers, along with their benefits and problems. One of those
problems is that the dependency on .net can lead to failure of priming
response validation, or even a node re-delegation attack against a resolver.

Regards,
Anand
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations