On Tue, 10 Apr 2012, Shane Kerr wrote:
> Furthermore, a Negative Trust Anchor should be used only for a short
> duration, perhaps for a day or less.
>
> While for larger ISPs a top-100 approach makes sense, and so a 1 day fix is
> reasonable to expect, other operators will have other concerns. For example,
> you may have a distributor for your business that has a crappy IT department
> and simply can't get their zones fixed in a reasonable time, or you may have a
> department at your university that is literally gone for the summer.
>
> The approach I had planned on taking is simply to require that an
> administrator specify the ending time of the Negative Trust Anchor. If
> they want to, of course they can put 30 years (or perhaps however much
> time is left until their retirement), but at least they would have had
> to think about the issue!

What's wrong with the proven method of exponential back-off?

Paul
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop