[dns-operations] .mm off the air for anyone who validates

Mark Andrews marka at isc.org
Fri Jan 18 22:13:03 UTC 2013


In message <OFC5B41012.CD564C20-ON85257AF7.005CF6A1-85257AF7.005D50AA at e1b.org>, WBrown at e1b.org writes:
> Chris Thompson wrote on 01/18/2013 10:06:25 AM:
> 
> > Is fudging the expiry times like that really a good idea? If all
> > all validators allowed a 10% overrun, DNS operators would just
> > get 10% sloppier and we would back where we started.

10% of what.  Time since the start of the universe?
 
> In some percentage of cases, that will most likely be true.  In others, 
> there may be an extenuating circumstance that delays the process. 

Total BS.  Those records should have been re-signed at least two
weeks ago to work in with zone's expire timer.  If they could not
sign the zone two weeks ago they should have gone insecure by having
the DS records pulled from the root.  There is no valid excuse for
letting your zone go to invalid.

> I think this comes under "be liberal in what you accept."

No it doesn't.
 
> Confidentiality Notice: 
> This electronic message and any attachments may contain confidential or 
> privileged information, and is intended only for the individual or entity 
> identified above as the addressee. If you are not the addressee (or the 
> employee or agent responsible to deliver it to the addressee), or if this 
> message has been addressed to you in error, you are hereby notified that 
> you may not copy, forward, disclose or use any part of this message or any 
> attachments. Please notify the sender immediately by return e-mail or 
> telephone and delete this message from your system.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list