root hints operation

Dave Warren davew at hireahit.com
Tue Nov 17 22:15:05 UTC 2015


On 2015-11-17 14:13, Mark Andrews wrote:
> In message <564BA3E3.9060008 at hireahit.com>, Dave Warren writes:
>> On 2015-11-16 18:09, Grant Taylor wrote:
>>> It's my understanding that ALL of the root servers would have to
>>> change all of their addresses at the same time for DNS to be impacted.
>> Or, the IP formerly used as a root server could turn malicious and start
>> offering an alternate response. This would only impact resolvers that
>> had outdated root hints, and also happened to try that particular IP
>> first, but it's at least a theoretical risk.
> Which is why those addresses get held back from reassignment.  It is a
> known risk that is mitigated.

Understood and agreed, there's little real-world risk, but it's 
important to understand that this risk is mitigated by policy, not by 
technology.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
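
The stale-hints condition discussed in this thread can be checked by diffing a resolver's root hints file against a freshly obtained reference copy. The sketch below is an added example, not part of the original message and not BIND code; it assumes both files are in zone-file format, and the sample data uses constructed names and documentation address ranges.

```python
import ipaddress

def parse_hints(text):
    """Map each server name to its set of A/AAAA addresses in hints-file text."""
    servers, owner = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]            # strip trailing comment
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():              # indented line inherits the owner
            owner = fields.pop(0).lower().rstrip(".")
        if owner is None:
            continue
        # Optional TTL/class come first; the field after the type is the address.
        for i, field in enumerate(fields[:-1]):
            if field.upper() in ("A", "AAAA"):
                # ip_address() normalises spelling and raises on a malformed value
                servers.setdefault(owner, set()).add(ipaddress.ip_address(fields[i + 1]))
                break
    return servers

def _only_in(have, want):
    known = set().union(*want.values())
    return sorted((name, str(a)) for name, addrs in have.items()
                  for a in addrs if a not in known)

def compare_hints(local_text, reference_text):
    """stale: local addresses absent from the reference; missing: the reverse."""
    local, ref = parse_hints(local_text), parse_hints(reference_text)
    return {"stale": _only_in(local, ref), "missing": _only_in(ref, local)}

# Constructed sample data: hypothetical names, documentation address ranges.
LOCAL = """\
.                3600000  NS    A.ROOT.EXAMPLE.
A.ROOT.EXAMPLE.  3600000  A     192.0.2.1
                 3600000  AAAA  2001:DB8::1
.                3600000  NS    B.ROOT.EXAMPLE.
B.ROOT.EXAMPLE.  3600000  A     192.0.2.53   ; address since changed
"""
REFERENCE = """\
.                3600000  NS    a.root.example.
a.root.example.  3600000  A     192.0.2.1
a.root.example.  3600000  AAAA  2001:db8:0:0::1
.                3600000  NS    b.root.example.
b.root.example.  3600000  A     198.51.100.53
b.root.example.  3600000  AAAA  2001:db8::b
"""

if __name__ == "__main__":
    print(compare_hints(LOCAL, REFERENCE))
```

An empty `stale` list only shows that the local file matches the reference, so the reference copy has to come from a source the operator trusts.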




More information about the bind-users mailing list