[dns-operations] Implementation of negative trust anchors?

[Evan Hunt]

> The best bet to keep them from a static "validation off" is an
> automatically sunsetting form.

"rndc nta ." (as I envision it) would be functionally equivalent to an
automatically sunsetting "validation off".

> I can't believe you're seriously suggesting that words in any IETF
> document telling people to use narrow NTAs would have any effect
> on resolver operators.

Of course not, but it could affect the choices made by DNS implementors.
(I expect to pay attention to Jason's draft if and when I implement this
feature.)

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.