--- Begin Message ---
On 4/2/20 1:01 PM, John R Levine wrote:
I would triply emphasize that. Data from the root servers show that
the vast majority of queries they get are garbage: technically
ill-formed or for names that have never existed and likely never
will.
This is another reason that I really like a local copy of the root DNS zone.
That copy has historically been a secondary copy. But I'm trying to
learn more about BIND's newer "mirror" zone option, which I think DNSSEC
validates the the transferred copy.
LocalRoot using TSIG keys seems related and is on my reading list.
I would like to get to a point where many DNS servers could safely have
a local copy of the root DNS zone.
See the pertinent RFCs for what "safely" means in this case.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
