What does a DNSSEC-protected priming query gain you?
I was about to ask the same question.
Accepting any old priming query and having a root SEP configured, if
the query is right all things work. If the query is wrong/forged you
won't get anywhere any how. (Without going into the weeds here -
what if one IP address were forged, what if it were 6, 16, or all of
them?)
(13 name servers => 13 A records + 7 AAAA records last check)
Besides the warm and fuzzy feeling, what do you gain? (Keep in mind
all of the TCP traffic it would take to get warm and fuzzy.)
I think that this is also discussed in Koch's priming draft.
jaap
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
