Great, thanks a lot for your comments. This ISP have one of its resolvers validating from more than a year. And it offers it through DHCP to all its costumers, along with the two others without validation.
Anyway, I'll be following its deployment. I agree that is a good way of going forward, as soon as they're aware it doesn't protect their costumers... just to test their infrastructure and accomodate operations... in a limited timeframe! As Sebastian says, it eventually gets debugging hard :) Hugo On 01:00 13/06, Robert Martin-Legene wrote: > I am guessing they are afraid of the consequences of when DNSSEC fails. > Is their argument that they will be studying the logs, or how do they > plan to take advantage of this style of roll-out? > > I don't think it is too crazy, and possibly a good way to get ISPs to > embrace that crazy scary "new" thing called DNSSEC. > > Maybe work with them and set a timeline.. with monthly follow-ups on a > national NOG list - or with the NIC in private. It would be good if > everyone can learn from the experience, even the NIC whom are usually > far from the actual ISP environment setups. > > > > -- > Robert ML >
signature.asc
Description: PGP signature
