On Mon, May 11, 2015 at 7:26 PM, Evan Hunt <e...@isc.org> wrote: > On Mon, May 11, 2015 at 12:19:19PM -0400, Bob Harold wrote: >> I am not even sure there is a good reason for a warning. > > In BIND, NTA's are set by an rndc command, but in other implementations > they might be set up in a config file. If you have both a TA and an NTA > for the same node in the same configuration, that would be sensible to > warn about; it's the sort of oddity that might have been unintentional.
"An NTA placed at a node where there is a configured positive trust anchor MUST take precendence over that trust anchor, effectively disabling it. Implementations SHOULD issue a warning or informational message when this occurs, so that operators are not surprised when this happens." Just added. Seem good? W > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
