Andy So if I understand you correctly you are proposing the logical extreme of caching.....push entire chunks of DNS info to lower levels of hierarchy.
How you considered what the security implications of this are? You are giving each lower DNS node more power which means if that lower node gets 0wned then more damage can be done right? Chris On Fri, Apr 28, 2006 at 06:28:08PM -0700, Andrew Lentvorski wrote: > James G. Sack (jim) wrote: > >So, has this idea been proposed somewhere (other than here? <heh>). > > Yes, but the political considerations prevent it, for now. > > The folks who run the root servers are afraid to allow full zone > transfers as that means that whoever can receive the transfer > effectively becomes another root server. This has the effect that it > diminishes the hold that the root servers have on the net and the > political power that goes with that. > > This will not change until DNS actually fails for an extended amount of > time. > > -a > > > -- > [email protected] > http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list > -- _______________________________________ Christian Seberino, Ph.D. SPAWAR Systems Center San Diego Code 2872 49258 Mills Street, Room 158 San Diego, CA 92152-5385 U.S.A. Phone: (619) 553-9973 Fax : (619) 553-0804 Email: [EMAIL PROTECTED] _______________________________________ -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
