[dns-operations] Bloke takes over every .io domain by snapping up crucial name servers

[Tony Finch]

Robert Edmonds <edmonds at mycre.ws> wrote:
>
> Matt's article assumes resolvers that are happy to use glue addresses to
> reach nameservers but there are at least some resolver implementations
> that actively attempt to find a zone's authoritative nameserver
> addresses when following a delegation rather than relying on glue
> address records.

A particular instance of this is Unbound with "harden-referral-path"
enabled - https://unbound.net/documentation/unbound.conf.html

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Portland, Plymouth: North 4 or 5, becoming variable 4. Slight or moderate.
Fair. Good.