It appears that Paul Wouters <p...@nohats.ca> said:
>But also, the pain is not felt at the people who dictate how to use
>their DNS validation scheme. It is with the DNS administrators finding
>a bunch of unrecognisable DNS records and not knowing what the hell
>they are for and whether they can or should be deleted. Or those admins
>that now see their APEX going back to TCP (yes dig txt cnn.com gets TC
>and falls back to TCP)

I think I just said that was a problem. But other than the advice to put in an expiration date, and indirectly the advice not to put the record at the domain apex, I don't see anything to fix that.

An expiration date could help for the one-off ACME stuff, but not for the long term analytics which you can only really tell by asking the other end if they're still looking at your stuff. So like I said it would be good if you had a way to tell who the other end is.

It occurs to me that's a reason to use a fixed tag and add it to the attrleaf registry. People can look it up to see what it is, and if you have a way to see if it's still in use, perhaps a web page where you can put in the random token and it says yes or no.

R's,
John