two replies here. Mark Andrews wrote on 2021-12-01 00:35:
Also stop hiding this breakage. Knot and unbound ignore the NSEC records which trigger this when synthesising. All it does is push the problem down the road and makes it harder for others to do proper synthesis based on the records returned.
+1. fail early and fail often. Tim Wicinski wrote on 2021-12-01 03:07:>
What I noticed in reading this nice write up was the warning image they missed in the Route53 console because of the automation they use. But most folks use automation/tooling/etc in their workflow, and catching those warnings via automation is a bit tricky. ...
sadly for the dnssec adoption curve, there is no substitute for knowing what you're doing, and automators who wish to scale dnssec management to include well-trained non-wizards are going to create disappointment.
-- vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
