Moin! > On 25 Oct 2014, at 01:06, Doug Barton <do...@dougbarton.us> wrote: > > > "Currently the operators of example.com have introduced an error into their > DNS information which is causing the domain to be unresolvable. Once they > have corrected that error our customers will be able to reach their site > again. You can go to the following web page to view detailed information > about the problem ..." How are you going to tell that to your customers? Who will pay for the calls to the ISPs call center?
> The other problem is that this feature is only really useful in the DNSSEC > ramp-up period. Sure, mistakes are more common now, software is immature, > etc. etc. But if DNSSEC is successful, the software will get better (it > already is a lot better than even a few years ago), and mistakes will be less > common (both on an absolute, and on a percentage basis). But once you > introduce a feature like this, you cannot remove it. The feature already exists in the most commonly used validating resolvers (see Appendix A). Beside my tiny contribution to the draft you may notice that the other authors of the draft come from the two biggest currently operational validating resolver farms (Comcast and Google). So I would rather say it is operational reality and so far all the ISPs I talked to who are thinking about doing validation see this as a critical feature also. This draft describes that and tries to tell them to be super cautious with that feature. So long Ralf Sent from my iPhone _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
