North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: US government mandates? use of DNSSEC by federal agencies
David Conrad wrote: On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote: In any case, the point of my first question was really about theconcern of false positives. Do we really have any idea what will happen if you hard fail dnssec failures?
Given how integral DNS is to everything, it seems a little scary to just trust that all of that software across many, many vendors is going to interoperate at *scale*. It seems that some training wheels like an accept-failure-but-log mode with feedback like "your domain failed" to the domain's admins might be safer. At least for a while, as this new treadmill's operational care and feeding is established. Mike
|