[dns-operations] Can Root DNS server modify the response?

Davey Song songlinjian at gmail.com
Wed Mar 27 06:06:15 UTC 2019

Sorry I have no public articles online. But I saw prepared slides talking
about such kind of risks in a serious discussion. The risk people are
afriad of may not exits. But the concerns and worry do exist (if there is
no trust).


On Wed, 27 Mar 2019 at 12:26, Dave Warren <dw at thedave.ca> wrote:

> On 2019-03-26 20:51, Davey Song wrote:
> > AFAIK, Root servers returning SERVFAIL to specific regions or countries
> > are listed as a risk in the circle who have long concerns on Root
> > governance. But return to Cloudflare case, it is not a problem. If two
> > letters return SERVFAIL maliciously, resolvers can query other server to
> > get the answer back. So diversity of root server operators and location
> > are important in this case.
> I'd love to learn more, can you point me to an article discussing this
> topic?
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations
> <https://lists.dns-oarc.net/mailman/listinfo/dns-operationsdns-operations>
> mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190327/64da58e4/attachment.html>

More information about the dns-operations mailing list