Validating zones as a slave? (Fw: [DNSOP] I-D Action: draft-ietf-dnsop-root-loopback-04.txt)
Tony Finch
dot at dotat.at
Wed Sep 16 11:05:36 UTC 2015
Paul Vixie <paul at redbarn.org> wrote:
> Tony Finch wrote:
> > Paul Vixie <paul at redbarn.org> wrote:
> >> what behaviour would you have instead?
> >
> > Continue to use the old zone until a valid version can be transferred.
>
> in defiance of the SOA timing parameters (zone expiry)?
No.
> in defiance of the DNSSEC timing parameters (signature validity period)?
No.
> my view is, ignoring bad zones is fine, but will not prevent zone or
> signature expiration.
Right.
The threat model is, I am on the road and I happen to connect to a
malicious network when my DNS server tries to refresh its copy of
the root zone.
If I do not have a local copy of the root zone then normal DNSSEC
validation should make the malicious network appear to be broken.
I can re-connect to a less-malicious network and things should work
better.
If I do have a copy of the root zone and the malicious network manages to
corrupt it, I can't reconnect to another network and get things working
again.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.
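The behaviour argued for in this message, as an added example that is not part of the thread (Python sketch; the class names and the `dnssec_valid` flag standing in for a real verification of the transferred zone against the root trust anchor are assumptions): a transferred copy that fails verification is ignored and the old copy stays in service, but SOA expiry (counted from the last successful transfer) and RRSIG expiration are still honoured.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ZoneCopy:
    serial: int
    soa_expire: int        # SOA EXPIRE field: seconds allowed since the last successful refresh
    rrsig_expiration: int  # earliest RRSIG expiration in the copy, absolute epoch seconds
    dnssec_valid: bool     # stand-in (assumed) for verifying the copy against the trust anchor


class RootZoneMirror:
    """Serves the last good copy of the zone; bad transfers are ignored, expiry is not."""

    def __init__(self, zone: ZoneCopy, refreshed_at: int):
        self.zone = zone
        self.refreshed_at = refreshed_at  # epoch seconds of the last accepted transfer

    def refresh(self, candidate: ZoneCopy, now: int) -> bool:
        # A copy that does not validate is dropped; the previous copy stays in service.
        if not candidate.dnssec_valid:
            return False
        # Never step back to an older serial (serial arithmetic simplified here).
        if candidate.serial < self.zone.serial:
            return False
        self.zone = candidate
        self.refreshed_at = now
        return True

    def serve(self, now: int) -> Optional[ZoneCopy]:
        # SOA expiry is relative to the last successful transfer; RRSIG validity is absolute.
        if now > self.refreshed_at + self.zone.soa_expire:
            return None
        if now > self.zone.rrsig_expiration:
            return None
        return self.zone
```

A rejected transfer therefore buys no extra time: if no valid copy arrives before the SOA expire interval or the signatures run out, the mirror stops answering from the zone just as it would without the validation step.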