On Thu, Jun 25, 2015 at 11:12:40AM +0200, Gunter Grodotzki <[email protected]> wrote a message of 78 lines which said:
> But shouldn't that raise a big red flag - even if it is not your fault?

DNS operator hat _on_.

At $DAYJOB, we both have secondaries for other domains, and domains for which we use outside secondaries. It has always been our policy (and, I believe, the one of the majority of DNS operators), that responsibility and monitoring belongs to the _master_. If a secondary of .fr lags behind, it is _our_ role and responsibility to detect it and to solve it (warning the secondary, retiring the secondary from the NS RRset, etc). If a secondary we host for .example lags behind, it is not up to us to notice, but to the .example managers.

A recent example was the break of isoc.org and internetsociety.org. A secondary name server was behind and served expired signatures. IMHO, the fault is 100 % on the ISOC side: they should monitor their own zones.

> thus poisoning dns-caches with wrong/outdated responses.

I really find you have a poor choice of words and using "poisoning" here (which means a deliberate attack) is really bad.
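The master-side check described in the message above, as an added example that is not part of the original post: it flags secondaries whose SOA serial lags the master (using RFC 1982 serial arithmetic, so wrap-around is handled) or whose RRSIG has expired. The name server names, serials and expiration values are constructed sample data; in practice they would come from querying each server in the NS RRset.

```python
from datetime import datetime, timezone

MOD = 2 ** 32  # SOA serials are 32-bit counters that wrap (RFC 1982)

def serial_behind(master: int, secondary: int) -> int:
    """Number of increments the secondary lags the master; 0 if not behind."""
    diff = (master - secondary) % MOD
    # RFC 1982: secondary < master only if the forward distance is under 2^31.
    return diff if 0 < diff < 2 ** 31 else 0

def rrsig_expiry(text: str) -> datetime:
    """Parse the YYYYMMDDHHmmSS expiration field of an RRSIG (presentation format)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def audit(master_serial: int, observations: list, now: datetime) -> list:
    """Return (name server, problem) pairs for every server that needs attention."""
    findings = []
    for obs in observations:
        lag = serial_behind(master_serial, obs["serial"])
        if lag:
            findings.append((obs["ns"], f"serial {obs['serial']} is {lag} behind master"))
        if rrsig_expiry(obs["rrsig_expiration"]) <= now:
            findings.append((obs["ns"], "serves expired RRSIG"))
    return findings

# Constructed sample: what each server in the NS RRset answered for SOA + RRSIG.
NOW = datetime(2015, 6, 25, 12, 0, tzinfo=timezone.utc)
MASTER_SERIAL = 2015062503
OBSERVATIONS = [
    {"ns": "ns1.example.", "serial": 2015062503, "rrsig_expiration": "20150709000000"},
    {"ns": "ns2.example.", "serial": 2015060101, "rrsig_expiration": "20150615000000"},
    {"ns": "ns3.example.", "serial": 2015062502, "rrsig_expiration": "20150709000000"},
]

if __name__ == "__main__":
    for ns, problem in audit(MASTER_SERIAL, OBSERVATIONS, NOW):
        print(f"{ns}: {problem}")
```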
