[dns-operations] New addresses for b.root-servers.net

Anand Buddhdev anandb at ripe.net
Sat Jun 3 23:39:53 UTC 2023


On 03/06/2023 23:09, Doug Barton wrote:

Hi Doug,

[snip]

> Since the host records are the interesting bit, we do absolutely need to 
> make sure that we can sanity check them somehow. I'm not sure Chris' 
> suggestion to essentially "vote" on which host records are the right 
> ones based on the results returned from polling all the known addresses 
> is the right solution.
> 
> Personally I would love to see the political drama around signing 
> root-servers.net go away and have that zone signed already.

RSSAC 028 has a detailed analysis of various naming schemes for root 
name servers, along with their benefits and problems. One of those 
problems is that the dependency on .net can lead to failure of priming 
response validation, or even a node re-delegation attack against a resolver.

Regards,
Anand



More information about the dns-operations mailing list