[dns-operations] Implementation of negative trust anchors?

Keith Mitchell keith at dns-oarc.net
Thu Aug 22 20:24:22 UTC 2013


>> From: Doug Barton <dougb at dougbarton.us>
> 
>> As stated before, the problem is that after the "early adopter" period 
>> is over we'll be stuck with NTAs forever. This is one of those 
>> fundamental disagreements between those who believe that DNS should 
>> always be forgiving of operator error, and those of us who do not.

So, for DNSSEC deployment transition work-arounds:
- ISC's DLV is the white list
- NTAs are the black list

and both need a best-before date ?

Keith





More information about the dns-operations mailing list