[dns-operations] Can Root DNS server modify the response?

Davey Song songlinjian at gmail.com
Wed Mar 27 06:06:15 UTC 2019


Sorry I have no public articles online. But I saw prepared slides talking
about such kind of risks in a serious discussion. The risk people are
afriad of may not exits. But the concerns and worry do exist (if there is
no trust).

Davey

On Wed, 27 Mar 2019 at 12:26, Dave Warren <dw at thedave.ca> wrote:

> On 2019-03-26 20:51, Davey Song wrote:
> > AFAIK, Root servers returning SERVFAIL to specific regions or countries
> > are listed as a risk in the circle who have long concerns on Root
> > governance. But return to Cloudflare case, it is not a problem. If two
> > letters return SERVFAIL maliciously, resolvers can query other server to
> > get the answer back. So diversity of root server operators and location
> > are important in this case.
>
> I'd love to learn more, can you point me to an article discussing this
> topic?
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations
> <https://lists.dns-oarc.net/mailman/listinfo/dns-operationsdns-operations>
> mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190327/64da58e4/attachment.html>


More information about the dns-operations mailing list