cTLD and DNS upgrade

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jul 4 15:09:18 UTC 2005


On Mon, Jul 04, 2005 at 10:44:28AM +0200,
 Brad Knowles <brad at stop.mail-abuse.org> wrote 
 a message of 40 lines which said:

> 	It all depends on who you trust.  Do you trust the PUBLIC-ROOT
> people to properly administer their servers, and to have a
> sufficiently geographically distributed group of servers, or do you
> trust the ICANN-blessed servers?

If you use the regular root name servers (those that are in BIND by
default), you trust several entities and it is therefore very
difficult to assert trust:

* the root name server operators (which is itself a very diverse
group, some are very good at communication with the community they
serve, like ISC for F, and some are very secretive),

* ICANN,

* The US Department of Commerce, which approves in writing every
change, whatever its importance, in the root zone file, and which will
continue to do so
(http://www.ntia.doc.gov/ntiahome/domainname/USDNSprinciples_06302005.htm),
 
* Verisign, which generates the actual zone file and signs it.

> 	I don't know all of the operators of the ICANN-blessed
> servers, but I know enough of them that I know I trust them to do
> their job

Technically, I have no doubt either. These people do their technical
job very well. But there are other things in the maintenance of the
root... (see the list above).




More information about the bind-users mailing list