This happens in China (on CERNET I believe): there are a set of root
mirrors that hijack most (but not all) of the root IPs. As far as we
can tell, the servers are legitimate, returning the proper responses,
except that the mirror servers don't support DNSSEC.
Those are unusual meanings for "legitimate" and "proper responses"!
Given the extensive use of anycast, these days one has only the vaguest
idea of who's answering any particular query. But if DNSSEC says it's
good, why do you care?
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
