[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

[David Conrad]

Kurtis,

On May 21, 2008, at 10:33 AM, Kurt Erik Lindqvist wrote:
>>> Especially for boot-strapping. It just becomes even harder to  
>>> change the model if we ever have to...
>> If you change the model, you have to muck with code.
> My point is that we risk running into all kind of wired behavior in  
> the future. Take adding AAAA glue. Not all operators are ready for  
> deploying it at production quality right now.

The BCP would specify the addresses and they would be assigned to root  
server operators as they are prepared to start using them.

Again, the point is the addresses would be associated with the SERVICE  
not the OPERATOR.  If a root server operator decided they had better  
things to do with their lives than answer DNS root queries, we  
wouldn't have to deal with changing every caching server on the entire  
planet.  All that would change would be the organization originating  
the route to the address.

> Imagine we come up with something in the future, we then need again  
> wait for updates of software to propagate. Take the addition of new  
> RRs or example. TXT seems popular...

You're suggesting that we're going to start putting new RRs, e.g., TXT  
in the root hints file?  And this isn't going to require software  
updates to propagate?

Regards,
-drc