On 2/15/10 9:21 AM, Tony Finch wrote: > On Mon, 15 Feb 2010, Mark Scholten wrote: >> >> I've seen problems that are only there because of DNSSEC, so if there is a >> problem starting with trying to disable DNSSEC could be a good idea. As long >> as not all rootzones are signed I don't see a good reason to use DNSSEC at >> the moment. > > You realise that two of them are signed now and the rest will be signed by > 1st July? >
Which means now is a good time to find and fix brokenness, not hope that DNSSEC will go away. ~Seth