[dns-operations] good one was Re: DNSSEC impact ...
Mark Andrews
Mark_Andrews at isc.org
Wed May 28 23:01:13 UTC 2008
> At 6:47 -0700 5/28/08, Wes Hardaker wrote:
> > On Wed, 28 May 2008 09:03:53 +1000, Mark Andrews <Mark_Andrews at isc.org> sa
> id:
> >
> >MA> So far I've been able to pin point 100% of DNSSEC operational
> >MA> failures with "DiG" and "date".
> >
> >But can your grandmother?
My grandmothers are both deceased so, no, I don't think they can.
I believe I could teach my mother to and she is 70+.
> I was going to remark with the more droll "Mark you use three tools,
> dig, date and a brain that understands DNSSEC."
What you need to know debug configurations is significantly
less that what you need to know to build a validator.
To debug a configuration you assume the crypto part always
succeeds. What's left is just time stamps and finding
matches between small numbers. You just need a few simple
rules.
DNSSEC configuration checking is simpler than checking a
plain DNS delegation.
> But Wes' answer is better. A "good one" to (West) Wes.
>
> Let's not forget the value of being a really knowledgeable person
> when it comes to figuring out what is needed to operate something.
> (Or having access to robust hardware/software.)
>
> This is not unique to DNSSEC.
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis +1-571-434-5468
> NeuStar
>
> Never confuse activity with progress. Activity pays more.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list