[dns-operations] Online DNSSEC debugging tool now availalbe
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Tue Jul 20 16:01:09 UTC 2010
On Tue, Jul 20, 2010 at 09:15:55AM -0400, Joe Abley wrote:
>
> On 2010-07-19, at 23:35, bmanning at vacation.karoshi.com wrote:
>
> >>> ouch. that is going to be a mess to clean up.
> >>
> >> I can't see it, myself. Anybody who went to the trouble of manually configuring a trust anchor for ORG is going to know how to respond if/when that trust anchor breaks.
> >>
> >>> so this would never happen....
> >>
> >> On the contrary, I think that and things like it happen in tens of thousands of companies every day. This is every-day reality.
> >
> > make your mind up Joe!... :)
>
> I'm apparently just not good at explaining myself :-)
>
> I can't see the mess, myself. Trust anchors, once manually configured, will go stale. This is inevitable, and is a consequence of the fact that when you run an authoritative server you can never accurately enumerate (never mind know or reliably contact) your clients. The world will not end.
>
>
> Joe
I guess its all a matter of degree. Borrowing a swimming pool analogy,
most places have signage about a prohibition on urinating in the pool.
Its going to happen and there are chemicals and filters to take care of
the occasional loss of control. I have yet to see a pool with a sign
that says, "please urinate to your bladders content"...
Its a mess either way. The world will not end, but I'd rather be swimming
than dealing w/ bodily waste.
--bill
More information about the dns-operations
mailing list