[dns-operations] New addresses for b.root-servers.net

Matthew Richardson matthew-l at itconsult.co.uk
Sun Jun 4 07:44:19 UTC 2023


Dave Knight wrote:-

>> all you can validate is the NS set. The host records cannot be validated because root-servers.net is not signed.
>
>Good point!
>
>They're still used to replace what was provided in the root.hints after the priming response is received though.

Without wishing to ask a really stupid question, is there any reason why
root-servers.net is not DNSSEC signed?

Would signing it provide additional any additional security?

--
Best wishes,
Matthew



More information about the dns-operations mailing list