[dns-operations] New addresses for b.root-servers.net
Matthew Richardson
matthew-l at itconsult.co.uk
Sun Jun 4 07:44:19 UTC 2023
Dave Knight wrote:-
>> all you can validate is the NS set. The host records cannot be validated because root-servers.net is not signed.
>
>Good point!
>
>They're still used to replace what was provided in the root.hints after the priming response is received though.
Without wishing to ask a really stupid question, is there any reason why
root-servers.net is not DNSSEC signed?
Would signing it provide additional any additional security?
--
Best wishes,
Matthew
More information about the dns-operations
mailing list