[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
drc at virtualized.org
Wed May 21 18:41:35 UTC 2008
On May 21, 2008, at 10:33 AM, Kurt Erik Lindqvist wrote:
>>> Especially for boot-strapping. It just becomes even harder to
>>> change the model if we ever have to...
>> If you change the model, you have to muck with code.
> My point is that we risk running into all kinds of weird behavior in
> the future. Take adding AAAA glue. Not all operators are ready for
> deploying it at production quality right now.
The BCP would specify the addresses and they would be assigned to root
server operators as they are prepared to start using them.
Again, the point is the addresses would be associated with the SERVICE
not the OPERATOR. If a root server operator decided they had better
things to do with their lives than answer DNS root queries, we
wouldn't have to deal with changing every caching server on the entire
planet. All that would change would be the organization originating
the route to the address.
> Imagine we come up with something in the future, we then need to again
> wait for updates of software to propagate. Take the addition of new
> RRs for example. TXT seems popular...
You're suggesting that we're going to start putting new RRs, e.g., TXT
in the root hints file? And this isn't going to require software
updates to propagate?