[dnssec-deployment] yet another resource constraint

Mark Andrews Mark_Andrews at isc.org
Thu Sep 7 20:32:50 EDT 2006


> > 	Note it would most probably help if all the servers for
> > 	69.in-addr.arpa where something modern and didn't
> > 	return NXDOMAIN for 16.69.in-addr.arpa.  The correct response
> > 	is NOERROR as 197.16.69.in-addr.arpa exists.
> > 
> > 	--- 9.2.3rc1 released ---
> > 
> > 1416.   [bug]           Empty node should return NOERROR NODATA, not NXDOMA
> IN.
> >                         [RT #4715]
> 
> 	yeah, sure... in a perfect world.
> 
> 	reality sez there will be lots of servers that don't/won't
> 	upgrade.  and with the current default logging behaviour,
> 	there will be a noticable, significant increase in the size
> 	of the log files.  

	Bill you have yet to demonstate that this is nothing more
	that a broken chain of trust somewhere in your own test
	environment.

	There is no point in complaining about log messages until
	you can prove that they are just noise and not a indication
	of a real problem.  As far as I am aware there is no way
	that the messages will be logged unless there was a validation
	failure and there was a real error.
 
> --bill
--
ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP.  Email training at isc.org.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the Dnssec-deployment mailing list