On 2015-11-17 14:13, Mark Andrews wrote:
In message <564ba3e3.9060...@hireahit.com>, Dave Warren writes:
On 2015-11-16 18:09, Grant Taylor wrote:
It's my understanding that ALL of the root servers would have to
change all of their addresses at the same time for DNS to be impacted.
Or, the IP formerly used as a root server could turn malicious and start
offering an alternate response. This would only impact resolvers that
had outdated root hints, and also happened to try that particular IP
first, but it's at least a theoretical risk.
Which is why those addresses get held back from reassignment. It is a
known risk that is mitigated.
Understood and agreed, there's little real-world risk, but it's
important to understand that this risk is mitigated by policy, not by
technology.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
