[dns-operations] Online DNSSEC debugging tool now availalbe

Joe Abley jabley at hopcount.ca
Tue Jul 20 13:15:55 UTC 2010

On 2010-07-19, at 23:35, bmanning at vacation.karoshi.com wrote:

>>>    ouch.  that is going to be a mess to clean up.                                              
>> I can't see it, myself. Anybody who went to the trouble of manually configuring a trust anchor for ORG is going to know how to respond if/when that trust anchor breaks.                              
>>>     so this would never happen....
>> On the contrary, I think that and things like it happen in tens of thousands of companies every day. This is every-day reality.
> 	make your mind up Joe!... :)

I'm apparently just not good at explaining myself :-)

I can't see the mess, myself. Trust anchors, once manually configured, will go stale. This is inevitable, and is a consequence of the fact that when you run an authoritative server you can never accurately enumerate (never mind know or reliably contact) your clients. The world will not end.


More information about the dns-operations mailing list