[dns-operations] cool idea regarding root zone inviolability

Chuck Anderson cra at WPI.EDU
Mon Dec 1 15:09:09 UTC 2014


On Sun, Nov 30, 2014 at 02:29:15PM -0800, Paul Vixie wrote:
> > Doug Barton <mailto:dougb at dougbarton.us>
> > Sunday, November 30, 2014 1:21 PM
> > ...
> >
> > We still need a way to verify the entire contents of the zone however.
> > This goes beyond just transfers, it would be nice to be able to verify
> > that a zone downloaded using a method other than transfers is both
> > accurate and complete.
> 
> why? (your use case is not obvious from what you've written.) are you
> trying to ensure that errors that creep by TCP's error checking or that
> result from silent sending-side failures where both the starting and
> ending SOA are present but the middle is corrupt? or are you trying to
> ensure that a tertiary server can't be lied to by its secondary server?

Silent on-disk corruption.  It happens, and it would be nice to be
able to detect that.



More information about the dns-operations mailing list