[dnssec-deployment] split-view DNSSEC Best Current Practices
Olaf M. Kolkman
olaf at ripe.net
Wed Jan 12 15:07:39 EST 2005
>This advise is not as strongly worded in the BCP; but the BCP does
>encourage steering away split-views as much as possible. This is
>not because it is impossible to configure split-views with DNSSEC, but
>because of the fragility of the set up. It is very easy to invalidate the
>entire set up through what might appear to be a simple configuration
>error.
>
>
This suggest that the document should give recommendations and list
pitfalls, much more than saying don't.
I once made a drawing on a whiteboard; depicting plain DNS as a .45...
DNSSEC was an uggly automatic weapon something like a Wolverine ...
--Olaf
More information about the Dnssec-deployment
mailing list