[dns-operations] Signing of the ARPA zone
Joe Abley
jabley at hopcount.ca
Fri Mar 26 18:39:49 UTC 2010
On 2010-03-26, at 10:55, Simon Leinen wrote:
> And if so, could this have been prevented by the phase-in procedure of
> DNSSEC for .ARPA? (And if so, how?)
I heard no reports of anything breaking as a direct consequence of ARPA being signed.
I *have* heard some reports of disruptions when people added the trust anchor for ARPA to their validator automatically, which were resolved by manual operator intervention.
I think the distinction is important, because the implications of the former are that we need to put the brakes on DNSSEC deployment in TLDs and perhaps the root, something that I don't think anybody wants to happen unnecessarily.
So, to be clear: you are saying that you have identified an operational problem when you add a trust anchor, right?
Joe
More information about the dns-operations
mailing list