[dns-operations] Can Root DNS server modify the response?
Ondřej Surý
ondrej at sury.org
Tue Mar 26 15:45:12 UTC 2019
> On 26 Mar 2019, at 08:46, Matthew Pounsett <matt at conundrum.com> wrote:
>
> On Mon, Mar 25, 2019 at 15:57 Ondřej Surý <ondrej at sury.org> wrote:
> Matt, there’s no difference between NXDOMAIN and SERVFAIL from the client perspective.
>
> Except that, as has been pointed out, we're Not talking about the perspective of a single client getting a failure.
Now, were we? :) The original message was just an accusation of “censorship” without any proofs.
> If a riot operator went rogue DNSSEC would make that very obvious.
That would be true for world-wide censor ship. A targeted attack at the resolver-at-the-edge would be less obvious to the genpop.
But this is all hypothetical, I think nobody here really thinks that any of the rootops is doing any censorship for the root zone.
Ondrej
--
Ondřej Surý
ondrej at sury.org
More information about the dns-operations
mailing list