Hi,

On 3/28/19 11:01 AM, Michael StJohns wrote:

I mostly agree with this, and would totally agree if we were completely 5011 based, but that's not the case. I think there needs to be an "interested parties" announcement even if this isn't announced widely. E.g. ISPs that do manual configuration on roll-their-own DNS resolvers etc.

Correct. PowerDNS Recursor also does not do (and probably will never do) 5011. We ship the KSK TAs in the binary but are attempting to make the OS vendors (Debian, RedHat etc.) "responsible" for providing this data as they already do for the root server hints. Many (almost most) software users have a trust-relationship with their OS vendor to provide them with up-to-date data required for continued operation. Even if one does not _pay_ for this relationship, it simply exists by the choice made by the operator to run this software stack.

There are non-5011 ways to get the anchors (e.g. time fetches of the XML). But a list for announcements to interested parties, without the publication fanfare, makes sense to not spring this on people.

Best regards,

Pieter

--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com