[dns-operations] .mm off the air for anyone who validates

Chris Thompson cet1 at cam.ac.uk
Fri Jan 18 15:06:25 UTC 2013

On Jan 18 2013, Stephane Bortzmeyer wrote:

>On Fri, Jan 18, 2013 at 09:08:37AM +1100,
> Mark Andrews <marka at isc.org> wrote 
> a message of 38 lines which said:
>> .mm failed to re-sign their DNSKEY RRset.
>Note that, because Unbound is tolerant by default ("10 % rule"),
>Unbound users will see the problem only on Sunday:

Is fudging the expiry times like that really a good idea? If all
all validators allowed a 10% overrun, DNS operators would just
get 10% sloppier and we would back where we started.

Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.

More information about the dns-operations mailing list