[dns-operations] Online DNSSEC debugging tool now availalbe

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Jul 20 16:01:09 UTC 2010

On Tue, Jul 20, 2010 at 09:15:55AM -0400, Joe Abley wrote:
> On 2010-07-19, at 23:35, bmanning at vacation.karoshi.com wrote:
> >>>    ouch.  that is going to be a mess to clean up.                                              
> >> 
> >> I can't see it, myself. Anybody who went to the trouble of manually configuring a trust anchor for ORG is going to know how to respond if/when that trust anchor breaks.                              
> >> 
> >>>     so this would never happen....
> >> 
> >> On the contrary, I think that and things like it happen in tens of thousands of companies every day. This is every-day reality.
> > 
> > 	make your mind up Joe!... :)
> I'm apparently just not good at explaining myself :-)
> I can't see the mess, myself. Trust anchors, once manually configured, will go stale. This is inevitable, and is a consequence of the fact that when you run an authoritative server you can never accurately enumerate (never mind know or reliably contact) your clients. The world will not end.
> Joe

	I guess its all a matter of degree.  Borrowing a swimming pool analogy,
	most places have signage about a prohibition on urinating in the pool.
	Its going to happen and there are chemicals and filters to take care of 
	the occasional loss of control.  I have yet to see a pool with a sign 
	that says, "please urinate to your bladders content"...  

	Its a mess either way. The world will not end, but I'd rather be swimming
	than dealing w/ bodily waste.


More information about the dns-operations mailing list