[dns-operations] Implementation of negative trust anchors?

Livingood, Jason Jason_Livingood at cable.comcast.com
Wed Sep 4 14:58:02 UTC 2013


Last but not least, I observed some conflicting feedback in this thread on NTAs. So I am wondering whether there is comparatively more consensus on these two issues:

1 – Responsibility for authoritative DNSSEC mistakes rests with authoritative operators
(written up quickly in http://tools.ietf.org/html/draft-livingood-auth-dnssec-mistakes-00)

2 – In case of DNSSEC validation failures, don't change resolvers
(written up quickly in http://tools.ietf.org/html/draft-livingood-dont-switch-resolvers-00)

Any thoughts? (Standing back – I may be throwing a can of gasoline into the fire.) :-)

- Jason

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130904/f857d455/attachment.html>


More information about the dns-operations mailing list