[dns-operations] [DNSSEC] A "lame" DS record: operational problem or not?
Ed.Lewis at neustar.biz
Tue Sep 14 20:42:46 UTC 2010
At 10:11 -0400 9/14/10, Olafur Gudmundsson wrote:
>Educate at the tool writers.
I would encourage any tool writers to actively consult with any zone
owners when an anomaly is detected. This isn't my usual "be discreet
and not go public" rant. There are two reasons for this
For the tool writer, it's really rather difficult to determine the
intent of a configuration from poking at a server. I learned this
lesson way back, maybe 2002 or so, thanks to things like anycast and
such. Contacting the administrator is the only way to learn intent
and to know whether the anomaly was planned or not.
For the administrator, with the lack of tools to choose from today,
they may not be aware of the anomaly. It would be good just to
report this, it might uncover bugs in the software or process. In
today's operational environment, nothing is as tried-and-true as it
was before DNSSEC.
NeuStar You can leave a voice message at +1-571-434-5468
Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.
More information about the dns-operations