[Dnssec-deployment] Analysis of NASA.GOV DNSSEC Issue 18-Jan-2012
Jason_Livingood at cable.comcast.com
Fri Jan 27 18:59:19 EST 2012
>The question is - how can it be made more clear the reason for a DNS
>failure? I don't mean inside the protocol, using EDNS0 options to expand
>on the RCODE. I mean what reporting tools can be deployed so that users
>who care and get a rational explanation of why a lookup was "blocked"?
This is where validation implementers like me need to do some creative
thinking (with help from folks here of course). It'll probably take a lot
of experimentation to figure out the right way(s) to do so, but this is
where the work is I think. And getting it right will prevent a lot of
customer calls and upset.
More information about the Dnssec-deployment