root-servers.net be DNSSEC signed, but without a secure delegation. ...
Do any DNS resolvers use root-servers.net? I thought they took an IP
address from the local cache file and then an NS query to get the
current root set. This doesn't strike me as a problem we urgently
need to solve.
Oh, wait, now I understand the problem -- the NS records in the root only
provide the names of the root servers. There's glue with the
root-servers.net A and AAAA records but they're unsigned.
I still think that a local root mirror is likely to be less of a kludge
than whatever else we come up with to validate ADoT roots.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
