[dns-operations] Unplanned DLV zone outage on 2009-Apr-06

Florian Weimer fw at deneb.enyo.de
Tue Apr 7 15:41:03 UTC 2009


* Michael Graff:

> Additionally, dnssec-signzone will have additional safety checks
> added in future BIND releases.

Can't you make BIND refuse to load known bogus/bad zones altogether,
unless some special magic is applied?  (Maybe, this check should also
be applied on secondaries.)

Except in emergencies, it's better to have slightly older data than no
data at all.



More information about the dns-operations mailing list