[dnssec-key-tf] Publication method (was: DLV and trust anchor repositories)
Daniel Karrenberg
Thu Sep 27 14:17:09 CEST 2007
On 25.09 14:08, Daniel Karrenberg wrote:
>
> Well, I considered it obvious that port 53 would also work
> on *ns*.iana.org. I just checked to be sure and yes it does.
> This provides the canonical format ....

... deafening silence ...

Are we considering our job done by the good folks at the IANA?

One particular recommendation we could make is to ask the RIPE NCC to operate dedicated secondary servers for the signed root zone published by the IANA on ns.iana.org. Important seems to me that

- these remain isolated from the rest of the DNS,
- there be a defined level of service
- there be an authenticated method of fetching the data and
- there be an agreement with IANA about this.

Another thing the RIPE NCC could do is to help IANA make their fetching of the data from TLD servers more spoof-proof by fetching it regularly by the 60+ probes that DNSMON uses, making an aggregate of the most often heard responses and flag any inconsistencies...

Daniel
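
The aggregation idea in the last paragraph of the message above, sketched as an added example (not part of the original post and not RIPE NCC or DNSMON code): each probe's answer for a zone is normalised, the most common answer becomes the consensus only if more than a quorum of probes agree, and the disagreeing probes are listed. The function names, the quorum threshold and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def canonical(rrset):
    # Whitespace-normalised, order-independent form of one probe's answer.
    # Key material is base64 and case-sensitive, so case is left untouched.
    return tuple(sorted(" ".join(rr.split()) for rr in rrset))

def aggregate(observations, quorum=0.5):
    """observations: iterable of (probe_id, zone, list of record strings)."""
    by_zone = defaultdict(dict)
    for probe, zone, rrset in observations:
        by_zone[zone.lower()][probe] = canonical(rrset)
    report = {}
    for zone, answers in by_zone.items():
        top, agree = Counter(answers.values()).most_common(1)[0]
        accepted = agree / len(answers) > quorum  # strict majority by default
        report[zone] = {
            "consensus": top if accepted else None,
            "agree": agree,
            "total": len(answers),
            # Without a consensus nobody can be trusted: flag every probe.
            "dissenting": sorted(p for p, a in answers.items() if a != top)
                          if accepted else sorted(answers),
        }
    return report

# Constructed sample data: placeholder key strings, hypothetical probe ids.
KEY_A = "257 3 5 CONSTRUCTEDKEYAAAA"
KEY_B = "256 3 5 CONSTRUCTEDKEYBBBB"
KEY_X = "257 3 5 CONSTRUCTEDKEYXXXX"   # what a spoofed answer might carry
SAMPLE = [
    ("p01", "example.", [KEY_A, KEY_B]),
    ("p02", "example.", [KEY_B, KEY_A]),            # same set, other order
    ("p03", "example.", [KEY_A, KEY_B]),
    ("p04", "example.", [KEY_X, KEY_B]),            # inconsistent probe
    ("p05", "example.", ["257  3 5 CONSTRUCTEDKEYAAAA", KEY_B]),
    ("p01", "test.", [KEY_A]),
    ("p02", "test.", [KEY_X]),                      # 1 vs 1: no majority
]

if __name__ == "__main__":
    for zone, result in aggregate(SAMPLE).items():
        print(zone, result)
```
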