On Thu, Oct 31, 2019 at 12:06 PM Jim Reid <[email protected]> wrote:
>
> There are gazillions of layer-9+ problems around the introduction of new
> or different distribution mechanisms at the root for serving root zone
> data. Not least of these are the interminable ICANN consultations that
> inevitably have to take place for anything remotely related to the root.
>
> Some of those problems will also apply to ADoT deployment at "busy" TLDs
> and their DNS service providers.
>

I think the point John Levine was making earlier relates to this, though. If the root zone is signed, it is small enough to keep a copy locally in any reasonable cache. That means many caching resolvers can avoid using DoT on queries routed to the root by using AXFR instead, to the servers mentioned in https://www.dns.icann.org/services/axfr/ or similar servers hosted elsewhere. Asking that those AXFR-suitable servers support DoT seems a much more tractable proposition and it results in the right thing.

I may have misunderstood John, of course, but that's the point of what I understood him to be saying.

regards,

Ted
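The local-root-copy arrangement Ted describes, as an added example that is not part of the original thread or of any project mentioned in it: an Unbound `auth-zone` configuration (the resolver-side mechanism RFC 8806 describes) that transfers the root zone by AXFR from the ICANN AXFR servers linked above, validates answers with the root trust anchor, and serves root referrals from the local copy instead of sending each root query upstream. The file paths, the choice of Unbound, and the commented TLS-suffix line are assumptions drawn from Unbound's own conventions, not from the message.

```conf
# Added example (unbound.conf fragment), not from the mailing-list post.
server:
    # DNSSEC validation is what makes a locally held root copy trustworthy:
    # every RRset served from it is still validated against the root KSK.
    # Path is an assumption; use the location your distribution uses.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

auth-zone:
    name: "."
    # AXFR sources listed at https://www.dns.icann.org/services/axfr/
    # (plain DNS over TCP; substitute the IPs from that page if your
    # build does not resolve host names here).
    primary: xfr.cjr.dns.icann.org
    primary: xfr.lax.dns.icann.org
    # Assumption to verify against unbound.conf(5) for your release: recent
    # Unbound versions document an "@port#tls-auth-name" suffix on primary:
    # for AXFR over TLS, which is the DoT-to-the-AXFR-servers step Ted asks for.
    # primary: xfr.cjr.dns.icann.org@853#xfr.cjr.dns.icann.org
    # Local copy on disk so a restart does not require a fresh transfer.
    zonefile: "/var/lib/unbound/root.zone"
    # If the transfer fails or the copy expires, fall back to normal
    # iterative root queries rather than failing resolution.
    fallback-enabled: yes
    # Use the copy to answer the resolver's own root lookups ...
    for-upstream: yes
    # ... but never hand it to clients as if this box were a root server
    # (RFC 8806 keeps the copy private to the resolver).
    for-downstream: no
```

With this in place the only root-related traffic leaving the resolver is the periodic AXFR/IXFR refresh to the two transfer servers, so the privacy exposure Ted is weighing shrinks from "every root query" to "one zone transfer per refresh interval", which is why protecting that single channel with DoT is the tractable ask. Check `unbound-control auth_zone_reload .` and the log after start-up to confirm the transfer succeeded before relying on it.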
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
