nanog mailing list archives

Re: New addresses for b.root-servers.net


From: William Herrin <bill () herrin us>
Date: Sun, 4 Jun 2023 20:08:14 -0700

On Sun, Jun 4, 2023 at 4:57 PM Mark Andrews <marka () isc org> wrote:
> On 5 Jun 2023, at 06:19, William Herrin <bill () herrin us> wrote:
>> At an absolute minimum there's an impact to confidentiality since it
>> causes
>
> I don’t see a big risk here.

Hi Mark,

I agree. CVEs are nevertheless issued for security problems where the
risk is categorized as low. They often describe the mitigations
available to address the risk as well, like installing an updated root
hints file to override the compiled-in defaults.

My point was not that there's some significant security risk to the
root servers changing IP addresses. There isn't. My point is that
there's enough of a security risk to a root server changing its IP
address to merit CVEs against software statically distributed with the
old address. That observation should be taken into account in any
planning for the retirement of a root DNS server's IP address, such as
the b-root change announced in this thread.

Regards,
Bill Herrin

-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

