[dns-operations] .mm off the air for anyone who validates
Chris Thompson
cet1 at cam.ac.uk
Fri Jan 18 15:06:25 UTC 2013
On Jan 18 2013, Stephane Bortzmeyer wrote:
>On Fri, Jan 18, 2013 at 09:08:37AM +1100,
> Mark Andrews <marka at isc.org> wrote
> a message of 38 lines which said:
>
>> .mm failed to re-sign their DNSKEY RRset.
>
>Note that, because Unbound is tolerant by default ("10 % rule"),
>Unbound users will see the problem only on Sunday:
Is fudging the expiry times like that really a good idea? If all
all validators allowed a 10% overrun, DNS operators would just
get 10% sloppier and we would back where we started.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list