[dns-operations] Implementation of negative trust anchors?

Livingood, Jason Jason_Livingood at cable.comcast.com
Wed Sep 4 13:15:43 UTC 2013

On 8/23/13 12:52 PM, "Daniel Kalchev" <daniel at digsys.bg> wrote:

>Most ISP's DNS "operations" are just as clueless/careless as those
>breaking their DNS setups. NTAs are not solutions for these, because
>they won't bother with it either.

It's fun to poke at operators I guess, and that's certainly one reason why
more operators don't come to the IETF. ;-)

IMHO the experiences and knowledge that operators - which implement IETF
protocols and standards - bring as much value as the people writing the
original standards themselves. A standard is useless if no one implements
it / if it is not deployed at scale.

But getting back to ISP DNS operators being clueless/careless, of course
in this case the 'clueless/careless' parties are the ones who can't get
their authoritative practices right - not the ISP DNS operators (or other
recursive DNS operators).

>The obvious question is, do we want to codify this in BCP or even worse
>standards document?

Neither. An informational document has been proposed.


More information about the dns-operations mailing list