> On 14 Feb 2019, at 08:58, zuop...@cnnic.cn wrote:
>
> the premise is the recursive server should completely trust an Authenticated
> server

You’ve already made that clear. The problem with that premise is it’s a false one. It represents a naive/unrealistic view of how the DNS is used.

Your proposal also needs all the authoritative servers for some zone to be under the same administrative/operational control. That’s also a false premise. And naive/unrealistic. It’s been explained to you that many organisations, TLDs in particular, don’t do that. They arrange service from multiple DNS providers to avoid single points of failure, improve redundancy, have extra capacity, etc, etc.

> if a DNSSEC_enabled authoritative server (no matter it is Alice or Bob) is evil
> and modifies DNS records, it will succeed because it has private key and can
> fake anything

That premise is wrong too. Only the master server needs access to the private DNSSEC key. That master server isn’t necessarily in the zone's NS RRset and handling queries from resolving servers. Besides, if someone gives their private key to someone else -- in this case another authoritative DNS server -- by definition it isn’t a private key any more.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop