On Mon, Nov 10, 2014 at 01:34:05PM -0800, Paul Vixie wrote: > yes. parts of the 'net can be made root-serverless by accident this way,
Ok, good, I didn't misunderstand. > > And isn't there some danger that this "parallel" root becomes an > > attractive target for those who want things to be different than > > what's in the "official" root? That is, in effect, isn't this a plain > > old alternative root? > > no. any RDNS operator who receives advice on how to change their root > hints to use the unowned-anycast root server addresses will also be told > not to turn this on unless they have also turned on DNSSEC validation > and root key rollover. so, no. But my point is that it's a different zone. Once you allow for the possibility that an apex record could change in this zone, why not change other records too? And who gets to control this other zone? It's no longer "the root zone", by definition. It's an alternative zone, it seems to me. Best regards, A -- Andrew Sullivan a...@anvilwalrusden.com _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
