Hi,
On Sep 8, 2009, at 8:58 AM, Paul Wouters wrote:
Subject: [Unbound-users] .PR servfails with Unbound but not with BIND
% dig SOA pr.
I get the key through DLV.
It's outdated and wrong and missing the new key.
Out of curiosity (since I'm not on the unbound-users list), why did it
work with BIND and not Unbound?
I guess we need a MUCH better communication method between TLD's,
iTAR and ISC's DLV. This is bad.
3 points:
1) Get used to these sorts of failures. In the universe of TLD
operators, there are a non-trivial number that have limited technical
skills. I can easily imagine folks hiring consultants who come in,
set up DNSSEC, and then leave. Time passes, keys expire, servers
change, etc.
2) ISC redistributes the ITAR without any formal or even informal
interaction with the ICANN staff that runs the ITAR. In some
particularly unpleasant (at least to me) alternative universe, there
could be a myriad of DLV registries. How should ICANN interact with
these DLV registries?
3) Of course, DLV deals with more than TLDs so you can probably take
point (1) above and multiply the fun by some non-trivial amount.
Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
