<div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jun 2, 2023 at 10:20 AM Chris Adams <<a href="mailto:cma@cmadams.net">cma@cmadams.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">Once upon a time, Dave Knight <<a href="mailto:dave@knig.ht" target="_blank">dave@knig.ht</a>> said:<br>
> Aiui BIND9 uses the root.hints just once on receipt of the first query when starting with an empty cache, whereupon it will use the hints to find a root server to do a priming query, replacing the hints with the result of that.<br>
<br>
It's been a long while since I looked - how is that done? Do the<br>
resolvers query multiple servers from their hints (and somehow resolve<br>
differences), or do they just pick one at random and accept the results?</blockquote><div dir="auto"><br></div><div dir="auto">That could be very implementation specific. IIRC, unbound would pick a working one from the root.hints and prime its list from there.</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)" dir="auto"><br>
<br>
It seems like maybe if they'd query multiple and take a majority opinion<br>
of the results, the potential damage of hijacking of an old IP would be<br>
minimized.<br>
-- <br>
Chris Adams <<a href="mailto:cma@cmadams.net" target="_blank">cma@cmadams.net</a>><br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div></div>