[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver
David Conrad
drc at virtualized.org
Tue May 27 19:40:14 UTC 2008
Paul,
On May 26, 2008, at 10:27 PM, Paul Vixie wrote:
>> % dig @ns.iana.org . axfr
>
> please have IANA let f-root know if we should fetch the root zone from
> ns.iana.org rather than from wherever we're getting it today.
You and I both know this is not something that I, IANA staff, or ICANN
can dictate to you or any other root server operator. IANA has
developed and deployed a reasonably (to put it mildly) secure DNSSEC-
signing infrastructure and make a signed version of the root zone
available to all at ns.iana.org (with key information available at https://ns.iana.org/dnssec/status.html)
for demonstration/experimental/testing purposes. I had initially
tried to have ns.iana.org be a hidden master for a set of root
servers, but as I said previously, discussions broke down due to layer
9 issues.
However, with that said, I'm sure folks at IANA would be interested in
figuring out how to make the ns.iana.org system more useful for folks
who are interested in doing stuff with it. I suspect the right person
to talk to would be Rick Lamb (richard.lamb at icann.org).
Regards,
-drc
More information about the dns-operations
mailing list