[afnog] Root Server Operators and DNS encryption

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Mar 31 11:00:03 UTC 2021


On Wed, Mar 31, 2021 at 01:05:04PM +0400,
 Loganaden Velvindron <loganaden at gmail.com> wrote 
 a message of 9 lines which said:

> FYI:
> https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf
> 
> What are the plans for the ccTLDs in our region ?

Note that DoT between resolvers and authoritative servers is not yet a
standard. At this time, deployments (for instance the authoritative
servers for facebook.com) are experimental.

As mentioned by Yazid Akanho, it is probably better now to focus on
deploying privacy-protection techniques on resolvers. Two are
mentioned in the root operators statement (QNAME minimisation and
local synthesis of negative answers, the second one requiring DNSSEC,
which should be enabled everywhere but is not). Another one which may
be interesting, especially if your resolver has a poor connection to
all root name servers, is slaving of the root, described in RFC 8806.




More information about the afnog mailing list