> On Nov 8, 2019, at 17:06, Bob Harold <rharo...@umich.edu> wrote: > > > I hate to admit it, and this is a little off topic, but my resolvers are not > (yet) validating.
Then your resolvers’ configuration is years out of date. All resolvers these days ship with validation enabled. > Is there a setting that will attempt to validate, and log if it fails, but > still answer the users? At that point, everyone using 8.8.8.8 or 9.9.9.9 or 1.1.1.1 or any other non-opendns resolver would not be able to access that domain. Why would you want to override that? > I hear that there are occasional sites that fail validation, and would like > to know what will break if and when I begin to validate. Nothing that the vast majority of users would already not be able to see. > I will also need to monitor the added load on the servers, although I don't > expect it to be a problem. That’s not an issue. > I realize that not everyone agrees with this level of > caution/fear/lack-of-backbone (I am sure there are other descriptions people > would prefer). It’s far too late for that level of concern by you. Paul _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy