On 8 Feb 2018, at 13:52, Paul Wouters <p...@nohats.ca> wrote: > On Thu, 8 Feb 2018, Joe Abley wrote: > >> I don't disagree with the need for more data, but I think the hole you >> mention is not so giant. As far as I can tell it's a result of: > > How do you know without the data?
I'm talking about the data that I have seen. I described how I thought that data was inadequate (not for lack of uptime statistics). >> 1. RFC5011 support not being turned on in nameservers that have been >> upgraded but whose older, DNSSEC-validating configuration has been preserved >> across updates (most cases), and >> >> 2. RFC5011 support exercising a code path that requires a writable, >> persistent filesystem to store an updated trust anchor, which turns out not >> to be available (fewer, but some cases). > > 3. gold images instantiated in private clouds > > 4. AMI images used in AWS > > 5. docker containers > > 6. kubernetes containers > > 7. old configs not getting updated unrelated to 1. and 2. Right, I didn't see any of your cases (3) through (7). Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
