In a few cases, the operator of a zone does not immediately realise that there are issues. To overcome that, Matt and I have a proposal in the works (DNS-error-reporting) that lets a resolver send an error report on a broken zone to a third party, indicated by the same broken zone.
https://tools.ietf.org/html/draft-arends-dns-error-reporting-00

The point of this is to get things fixed faster.

Hope this helps and apologies for the shameless plug.

Warmly,

Roy

> On 1 Mar 2021, at 19:08, Paul Vixie <[email protected]> wrote:
>
> On Tue, Mar 02, 2021 at 05:46:38AM +1100, Mark Andrews wrote:
>> It also doesn't help that Whois is not particularly useful. It has
>> improved but if you can't report faults they don't get fixed.
>
> right. agreed. the reliable signal for "wrong key or signature" has to be a
> loss of incoming traffic and a lot of complaints from one's own users. we
> won't be solving this with a cron job. NTA adds deliberate asymmetry between
> the costs of doing DNSSEC signing wrong and the costs of coping with that.
>
>> --
>> Mark Andrews
>
> --
> Paul Vixie
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
