(no hats) On Oct 31, 2014, at 11:53 AM, Warren Kumari <war...@kumari.net> wrote:
> On Fri, Oct 31, 2014 at 10:26 AM, Paul Ebersman <list-dn...@dragon.net> wrote: >> >> I'd hope it would be good operational sense for folks to have automated >> checks of critical things and checks of DNS logs for DNSSEC validation >> failures and that we shouldn't have to spell that out. >> >> But do we want to at least have a mention of doing such kinds of checks >> as a better way of noticing DNSSEC failures than pissed off customers or >> puzzled NOC folks? > > Nope -- because now you have the problem of where to draw the line. Do > we also suggest the folk monitor error rates on WAN circuits? Failing > RAID arrays? Excessive BIND memory usage? > > I think that would be document creep, creep! Well, there might be a useful heuristic for drawing the line though-- it might well be that there's *operational* guidance on what monitoring is useful for this specific purpose, as opposed to "all possible monitoring of everything". I'm fine with "This is what real operators are finding useful in the context of deploying this particular optimization to our service." Suzanne _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
