[dns-operations] New addresses for b.root-servers.net
Anand Buddhdev
anandb at ripe.net
Sat Jun 3 23:39:53 UTC 2023
On 03/06/2023 23:09, Doug Barton wrote:
Hi Doug,
[snip]
> Since the host records are the interesting bit, we do absolutely need to
> make sure that we can sanity check them somehow. I'm not sure Chris'
> suggestion to essentially "vote" on which host records are the right
> ones based on the results returned from polling all the known addresses
> is the right solution.
>
> Personally I would love to see the political drama around signing
> root-servers.net go away and have that zone signed already.
RSSAC 028 has a detailed analysis of various naming schemes for root
name servers, along with their benefits and problems. One of those
problems is that the dependency on .net can lead to failure of priming
response validation, or even a node re-delegation attack against a resolver.
Regards,
Anand
More information about the dns-operations
mailing list