[dns-operations] [DNSSEC] A "lame" DS record: operational problem or not?

Edward Lewis Ed.Lewis at neustar.biz
Tue Sep 14 20:42:46 UTC 2010

At 10:11 -0400 9/14/10, Olafur Gudmundsson wrote:

>Educate at the tool writers.

I would encourage any tool writers to actively consult with any zone 
owners when an anomaly is detected.  This isn't my usual "be discreet 
and not go public" rant.  There are two reasons for this 

For the tool writer, it's really rather difficult to determine the 
intent of a configuration from poking at a server.  I learned this 
lesson way back, maybe 2002 or so, thanks to things like anycast and 
such.  Contacting the administrator is the only way to learn intent 
and to know whether the anomaly was planned or not.

For the administrator, with the lack of tools to choose from today, 
they may not be aware of the anomaly.  It would be good just to 
report this, it might uncover bugs in the software or process.  In 
today's operational environment, nothing is as tried-and-true as it 
was before DNSSEC.
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.

More information about the dns-operations mailing list