New addresses for b.root-servers.net

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 4, 2023 at 4:57 PM Mark Andrews <marka at isc.org> wrote:
> > On 5 Jun 2023, at 06:19, William Herrin <bill at herrin.us> wrote:
> > At an absolute minimum there's an impact to confidentiality since it
> > causes

> I don’t see a big risk here.

Hi Mark,

I agree. CVEs are nevertheless issued for security problems where the
risk is categorized as low. They often describe the mitigations
available to address the risk as well, like installing an updated root
hints file to override the compiled-in defaults.

My point was not that there's some significant security risk to the
root servers changing IP addresses. There isn't. My point is that
there's enough of a security risk to a root server changing its IP
address to merit CVEs against software statically distributed with the
old address. That observation should be taken into account in any
planning for the retirement of a root dns server's IP address. Such as
the b-root change announced in this thread.

Regards,
Bill Herrin

-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]