<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">In a few cases, the operator of a zone does not immediately realise that there are issues. To overcome that, Matt and I have a proposal in the works (DNS-error-reporting) that lets a resolver send an error report on a broken zone to a third party, indicated by the same broken zone.</div><div class=""><br class=""></div><div class=""><a href="https://tools.ietf.org/html/draft-arends-dns-error-reporting-00" class="">https://tools.ietf.org/html/draft-arends-dns-error-reporting-00</a></div><div class=""><br class=""></div><div class="">The point of this is to get things fixed faster.</div><div class=""><br class=""></div><div class="">Hope this helps and apologies for the shameless plug.</div><div class=""><br class=""></div><div class="">Warmly,</div><div class=""><br class=""></div><div class="">Roy</div><div class=""><br class=""></div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 1 Mar 2021, at 19:08, Paul Vixie <<a href="mailto:paul@redbarn.org" class="">paul@redbarn.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On Tue, Mar 02, 2021 at 05:46:38AM +1100, Mark Andrews wrote:<br class=""><blockquote type="cite" class="">It also doesn???t help that Whois is not particularly useful. It has<br class="">improved but if you can???t report faults they don???t get fixed.<br class=""></blockquote><br class="">right. agreed. the reliable signal for "wrong key or signature" has to be a<br class="">loss of incoming traffic and a lot of complaints from one's own users. we<br class="">won't be solving this with a cron job. NTA adds deliberate assymetry between<br class="">the costs of doing DNSSEC signing wrong and the costs of coping with that.<br class=""><br class=""><blockquote type="cite" class="">-- <br class="">Mark Andrews<br class=""></blockquote><br class="">-- <br class="">Paul Vixie<br class="">_______________________________________________<br class="">dns-operations mailing list<br class=""><a href="mailto:dns-operations@lists.dns-oarc.net" class="">dns-operations@lists.dns-oarc.net</a><br class=""><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" class="">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br class=""></div></div></blockquote></div><br class=""></div></body></html>