A few notes following the presentation and discussion earlier today (unrelated to Mukund's comments - I'm just stealing a suitable thread)
Re. the EDNS options, if you go for a 1 bit version it should apply only to the answer section. The only time this will be ambiguous is when there are CNAME/DNAME chains present.

I was rather disconcerted by the 1 week default serve-stale limit in BIND's implementation. It seems to me that the value should be tuned to match typical outage lengths. A day seems to me to be much more reasonable than a week, though for my servers I have chosen an hour.

Part of the reason I like serve-stale is that I think it will make outages easier to triage for my IT support colleagues. Network connectivity problems often look like DNS problems to even fairly knowledgeable people. If the DNS continues to provide answers when the network is a bit broken then the investigation is more likely to head in the right direction sooner.

(My logic for choosing an hour is that if things are broken for longer than that then it clearly isn't my fault any more!)

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
disperse power, foster diversity, and nurture creativity

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop