[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver

David Conrad drc at virtualized.org
Tue May 27 19:40:14 UTC 2008


Paul,

On May 26, 2008, at 10:27 PM, Paul Vixie wrote:
>> % dig @ns.iana.org . axfr
>
> please have IANA let f-root know if we should fetch the root zone from
> ns.iana.org rather than from wherever we're getting it today.

You and I both know this is not something that I, IANA staff, or ICANN  
can dictate to you or any other root server operator.  IANA has  
developed and deployed a reasonably (to put it mildly) secure DNSSEC- 
signing infrastructure and make a signed version of the root zone  
available to all at ns.iana.org (with key information available at https://ns.iana.org/dnssec/status.html) 
  for demonstration/experimental/testing purposes. I had initially  
tried to have ns.iana.org be a hidden master for a set of root  
servers, but as I said previously, discussions broke down due to layer  
9 issues.

However, with that said, I'm sure folks at IANA would be interested in  
figuring out how to make the ns.iana.org system more useful for folks  
who are interested in doing stuff with it.  I suspect the right person  
to talk to would be Rick Lamb (richard.lamb at icann.org).

Regards,
-drc




More information about the dns-operations mailing list