Hi Wes,

On Thu, 2021-10-21 at 09:55 -0700, Wes Hardaker wrote:
> It adds a new section using multiple authoritative servers with
> different data to get around algorithm roll difficulties.

That section only works for some validator implementations. Others will simply go bogus, the only question is how many times they will hit each authoritative name server before deciding so. I strongly suggest removing section 2.2, or perhaps changing it to say "whatever you do, don't do this" - but I'm not sure we really want a repository of bad ideas.

> It remains to be debated whether these ideas that you shouldn't use
> unless you have to should eventually be published as an RFC.

I'm torn on this one. Sometimes going insecure is what has to happen, and for those cases, operational guidance is good to have.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop