On 21/10/2021 18.55, Wes Hardaker wrote:
It adds a new section using multiple authoritative servers with different data to get around algorithm roll difficulties.
I'm also not convinced that it's a good recommendation, meaning I can't predict if it will behave relatively reliably. Perhaps if you have just two IP addresses in the whole NS set, it seems reasonable that on validation error the next one tried will be the other one (though I haven't surveyed these strategies). In general, 50% failure rate doesn't sound very nice, e.g. with three attempts you still have failure rate over 10%, which doesn't make me happy. (Real numbers get complicated by caching, selection by round-trip time, etc.)
--Vladimir _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
