On Tue, Jan 22, 2013 at 2:32 PM, Mark Andrews <ma...@isc.org> wrote:

>
> In message <ca+fq9b-ym5w+ndxzzndzwnnqk-v29s19enb_myjbk-jrgbj...@mail.gmail.com>,
> Augie Schwer writes:
> >
> > Would measuring the number of SERVFAIL entries in the "query-errors"
> > category be a good indicator of what impact enabling DNSSEC has?
>


> DNSSEC is like wearing a seatbelt.  99.99% of the time it has no
> impact.  And like a seatbelt it can save you (reject spoofed answers)
> or hinder you (lookups fail due to the zone not being re-signed)
> on rare occasions.
>

That makes sense to me; I was looking for a way to quantify the effect of
enabling DNSSEC validation in a BIND server.

Measuring SERVFAILs seems to be a good proxy to measure DNSSEC's impact.

Thanks for the reply.


-- 
Augie Schwer    -    au...@schwer.us    -    http://schwer.us