Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmChris's Wiki :: blog/sysadmin/UnderstandingIODNSIssue2017-07-13T20:06:17+00:00
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/UnderstandingIODNSIssue
jmUsing data from glue records instead of looking things up yourself is common but not mandatory, and there are various reasons why a resolver would not do so. Some recursive DNS servers will deliberately try to check glue record information as a security measure; for example, Unbound has the harden-referral-path option (via Tony Finch). Since the original article reported seeing real .io DNS queries being directed to Bryant's DNS server, we know that a decent number of clients were not using the root zone glue records. Probably a lot more clients were still using the glue records, through.
(via Tony Finch)]]>via:fanf dns security dot-io cctlds glue-records delegationhttps://pinboard.in/https://pinboard.in/u:jm/b:79776642bf4f/