[dnssec-deployment] yet another resource constraint
Mark Andrews
Mark_Andrews at isc.org
Thu Sep 7 20:32:50 EDT 2006
> > Note it would most probably help if all the servers for
> > 69.in-addr.arpa where something modern and didn't
> > return NXDOMAIN for 16.69.in-addr.arpa. The correct response
> > is NOERROR as 197.16.69.in-addr.arpa exists.
> >
> > --- 9.2.3rc1 released ---
> >
> > 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMA
> IN.
> > [RT #4715]
>
> yeah, sure... in a perfect world.
>
> reality sez there will be lots of servers that don't/won't
> upgrade. and with the current default logging behaviour,
> there will be a noticable, significant increase in the size
> of the log files.
Bill you have yet to demonstate that this is nothing more
that a broken chain of trust somewhere in your own test
environment.
There is no point in complaining about log messages until
you can prove that they are just noise and not a indication
of a real problem. As far as I am aware there is no way
that the messages will be logged unless there was a validation
failure and there was a real error.
> --bill
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email training at isc.org.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the Dnssec-deployment
mailing list