[dns-operations] root? we don't need no stinkin' root!
Tony Finch
dot at dotat.at
Tue Nov 26 20:58:06 UTC 2019
I generally agree with Geoff Huston's thoughts on this subject
http://www.potaroo.net/ispcol/2019-04/root.html
Mirror zones (validated zone transfers) fall on the wrong side of the
cost/benefit equation for me. But I might change my mind if there were
better security for unauthenticated records (NS and glue), e.g.
* xfer-over-TLS - I'm really looking forward to support for authenticated
server / anonymous client for zone transfers: nice for local root zones
and cross-campus zone distribution.
* zone digests - interesting for end-to-end verification but maybe too
complicated?
Mukund Sivaraman <muks at mukund.org> wrote:
>
> There are some Twitter feeds about what kinds of
> changes occur to the root zone and how frequently, e.g.:
>
> https://twitter.com/diffroot
Note that @diffroot does not tweet about changes to glue addresses which
happen a lot more frequently than NS and DS changes.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Biscay: Southwest, veering west, 6 to gale 8, occasionally severe gale 9 until
later. Rough or very rough becoming very rough or high, becoming very rough
later. Thundery showers. Good, occasionally poor.
More information about the dns-operations
mailing list