* Ondřej Surý:
>> Raw change rates do not tell us if zones keep at least of some of
>> their servers at constant addresses over really, really long
>> periods of time.
>
> .bank
> - deleted NS {ac1|ac2}.nstld.com. and added NS {a|b|c}.nic.bank. on November
> 20
> and
> - deleted NS {ac3|ac4}.nstld.com. and added NS {d|e|f}.nic.bank. on November
> 23
>
> Does that answer your question?
{a,b,c,d,e,f}.nic.bank and ac{1..4}.nstld.com seem to have
non-overlapping addresses.
I think this means that a simple update protocol (such as that
currently used for tzdata, or the root key and initial set of DNS
server address) will not be very reliable (at least until these
practices change).
I'm not sure if a different update protocol would be much of an
improvement over using the current with NSEC synthesis enabled. (It
would be nice if resolver software allowed configuring that for the
root separately.)
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
