Moin! On 26 Aug 2013, at 08:16, Randy Bush <[email protected]> wrote: > an american idiom is "keep your eye on the doughnut not the hole." this NTA > discussion focuses on the wrong thing. > > why is the frelling software on the farbled server not detecting that is has > been farbled and screaming loudly? why is it not preventing most of these > farblings in the first place? when mongolia tried to change key [alg] to one > that was not in the root, their software should not have done it. > > fix the software and the ops processes. do not patch over the problems or > they will increase. the problem is weak software and processes that need to > be fixed, and patching and denial will not fix them. I fully agree with you on better software and better processes, and better monitoring tools, etc. However keep in mind that the people deploying resolvers are not the people signing the zones. So what would your advise be to the people running resolvers/validators?
So long -Ralf _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
