[dns-operations] good one was Re: DNSSEC impact ...

Mark Andrews Mark_Andrews at isc.org
Wed May 28 23:01:13 UTC 2008

> At 6:47 -0700 5/28/08, Wes Hardaker wrote:
> >  On Wed, 28 May 2008 09:03:53 +1000, Mark Andrews <Mark_Andrews at isc.org> sa
> id:
> >
> >MA> So far I've been able to pin point 100% of DNSSEC operational
> >MA> failures with "DiG" and "date".
> >
> >But can your grandmother?

	My grandmothers are both deceased so, no, I don't think they can.

	I believe I could teach my mother to and she is 70+.
> I was going to remark with the more droll "Mark you use three tools, 
> dig, date and a brain that understands DNSSEC."

	What you need to know debug configurations is significantly
	less that what you need to know to build a validator.

	To debug a configuration you assume the crypto part always
	succeeds.  What's left is just time stamps and finding
	matches between small numbers.  You just need a few simple

	DNSSEC configuration checking is simpler than checking a
	plain DNS delegation.

> But Wes' answer is better.  A "good one" to (West) Wes.
> Let's not forget the value of being a really knowledgeable person 
> when it comes to figuring out what is needed to operate something. 
> (Or having access to robust hardware/software.)
> This is not unique to DNSSEC.
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis                                                +1-571-434-5468
> NeuStar
> Never confuse activity with progress.  Activity pays more.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the dns-operations mailing list