> On 30 Nov 2021, at 1:38 pm, John Levine <jo...@taugh.com> wrote:
> 
> Can or should we offer advice on how to do this better, sort of like
> RFC 8901 but one level of DNS expertise down?

The main advice that comes to mind is to use a DNS hosting provider
with a proven (multi-year) record of doing DNSSEC reliably.

If the DNS hosting provider were Cloudflare, Google, OVH, one.com,
TransIP, ... the implementation would have been correct.

Clearly Route 53 wasn't quite ready for prime time.  It is not clear
how we can help customers know which providers have solid implementations.
I don't know of any mainstream certification programs that would do the
job.

-- 
        Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
