Jim Reid <j...@rfc1035.com> wrote: > On 8 Jul 2014, at 16:14, Tony Finch <d...@dotat.at> wrote: > > > simply slaving the root zone doesn't give you any good way to detect > > or recover from a corrupted zone transfer. > > If that's a credible threat/risk, there are ways to mitigate it. Perhaps > v2 of this draft could discuss these.
-01 already does: it requires the slave to validate the entire zone before putting it into service, and it requires fallback to "legacy" non-slave resolution. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Shannon, Rockall: Northwest backing south or southwest, 4 or 5, occasionally 6 at first in east Shannon. Moderate, becoming slight or moderate in north Rockall. Rain later. Good, occasionally poor later. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
