On 8 Jul 2014, at 16:14, Tony Finch <d...@dotat.at> wrote:

> simply slaving the root zone doesn't give you any good way to detect or
> recover from a corrupted zone transfer.

If that's a credible threat/risk, there are ways to mitigate it. Perhaps v2 of this draft could discuss these.

FWIW in playing with DNS for 20-odd years, I've never come across an actual example of zone transfer corruption, either in the protocol or the underlying TCP transport. That doesn't mean it can't happen of course. The risks are close to zero IMO. Which doesn't necessarily mean they should be ignored.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop