Gert Doering wrote on 11/06/2019 21:50:
> On Tue, Jun 11, 2019 at 08:40:05PM +0200, Jonas Frey wrote:
>>> The time window might be small, but serving wrong answers was not
>>> acceptable for us.
>>
>> ok, but in the automated world of today this small window is likely to
>> be _really_ small.
>
> Only if everything works perfectly. Especially "customer asks for
> the auth records and then moves their delegation at some unspecified
> point in time" is something you can only catch by regularly polling
> the delegating servers - which we certainly could do (like "every
> 5 seconds") - but today, we poll once a day, and are not in a hurry.

Incidentally, I've seen "really small" last about 10 years for one
particular domain, starting some time around 2008-2009 and ending a
couple of months ago. Good thing that server wasn't doing resolution
because 10Y of broken dns responses would have been messy.

There doesn't seem to be any particular reason for the RIPE NCC to
change their operational practice here; nor is there any compelling
reason for the DNS WG to jump and start dishing out instructions to the
RIPE NCC about how to do their job. It looks entirely like a case of
"good to see common sense prevailing. pls carry on".

Can we move on now? There are plenty of actual dns problems in the
world to solve which don't relate to accommodating monumentally awful
operational practice.

Nick