[dns-operations] What would it take...

Edward Lewis edward.lewis at icann.org
Wed Mar 11 21:12:50 UTC 2015

> On Mar 11, 2015, at 16:18, Rob Foehl <rwf at loonybin.net> wrote:

> What about the case of bad data in the parent, regardless of where it lands on the malice / stupidity scale?  Loud warnings to this effect at zone (re)load time would be one thing, but refusing to load the zone entirely would mean the broken DS isn't the only operational problem...

In this case it isn't that the operating state is broken, it is that the next state is. So failing the operation is a good thing.

I'm not talking about hypothetical failure modes but modes that have been observed in TLDs and below. 

To be fine grained, this is a matter for key management and not zone management.  Our problem arose in part because we used a tool that combined key management and zone serving. It did its job, we didn't do ours. Wished the automated system would have saved us.

