Oct. 9, 2024
7:33 p.m.
- continue providing DNS root service on the address what does it matter if the DNS answer validates?
2/3rds of the Internet doesn’t validate after decades and it doesn’t appear the rate of change is improving all that much?
its not really getting any better - 2/3 of the Internet works on the misguided assumption that it you send a packet to the "correct" IP address then the response is also "correct". It opens the door to all kinds of abuse, and it seems like a small thing to me not to make this situation any worse by permitting masquerading DNS root servers to camp on "old" root server addresses. https://stats.labs.apnic.net/dnssec/XA?hc=XA&hx=0&hv=1&hp=1&hr=1&w=1&p=0 Geoff