[dns-operations] DNS trust dependencies for TLDs

Matthew Dempsky matthew at dempsky.org
Thu Jun 11 17:17:52 UTC 2009

On Thu, Jun 11, 2009 at 12:46 AM, <sthaug at nethelp.no> wrote:
> It should also be pointed out that some ccTLDs have considered this,
> among several other problems. I am personally somewhat involved in the
> .no ccTLD, and I know that other issues which have been considered are
> - Geographical distribution of name servers
> - AS-level distribution of name servers
> - Operating system and name server software diversity

Having a good distribution of name servers is a good thing, but a
zone's security is only as strong as its weakest link.  If it has a
large trust graph, then it's trusting that none of those servers have
security vulnerabilities.

More information about the dns-operations mailing list