On Sun, Jun 4, 2023 at 4:57 PM Mark Andrews <marka@isc.org> wrote:
On 5 Jun 2023, at 06:19, William Herrin <bill@herrin.us> wrote:
At an absolute minimum there's an impact to confidentiality since it causes
I don’t see a big risk here.

Hi Mark,

I agree. CVEs are nevertheless issued for security problems where the risk is categorized as low. They often describe the mitigations available to address the risk as well, like installing an updated root hints file to override the compiled-in defaults.

My point was not that there's some significant security risk to the root servers changing IP addresses. There isn't. My point is that there's enough of a security risk to a root server changing its IP address to merit CVEs against software statically distributed with the old address.

That observation should be taken into account in any planning for the retirement of a root dns server's IP address. Such as the b-root change announced in this thread.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/