From: Vernon Schryver <v...@rhyolite.com> > If you don't let them to use `rndc validation off X hours`, most will > use `rndc nta gov` because their users will be shouting about governement > web site problems and they won't have the time, inclination, or > permission to discover that it's only the apod.nasa.gov.
Which is worse, turning off all validation for 24 hours or turning off validation for just .gov for 24 hours? Ideally, it is best to turn off validation for as narrowly focused a zone as possible for as short a time as possible. 'rndc nta apod.nasa.gov X hours' How long does it take to go to DNSVIS or the like to find where the break is? Time and permission to discover are minimized. Inclination cannot be controlled for, but those who know about 'rndc nta ___' will hopefully be aware of the tools to test before implementing. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
