I-D Action: draft-livingood-dnsop-dont-switch-resolvers-05.txt
internet-drafts@ietf.org Tue, 13 August 2019 19:29 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2333B120128 for <i-d-announce@ietf.org>; Tue, 13 Aug 2019 12:29:18 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-livingood-dnsop-dont-switch-resolvers-05.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <156572455801.24218.10188895834784539333@ietfa.amsl.com>
Date: Tue, 13 Aug 2019 12:29:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/NdaX-iDjxqqrdHWy-JrxbjqV8uQ>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 19:29:18 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : In Case of DNSSEC Validation Failures, Do Not Change Resolvers
Author : Jason Livingood
Filename : draft-livingood-dnsop-dont-switch-resolvers-05.txt
Pages : 8
Date : 2019-08-13
Abstract:
DNS Security Extensions (DNSSEC) validation by recursive DNS
resolvers has been deployed at scale. However, domain signing tools
and processes are not yet as mature and reliable as is the case for
non-DNSSEC-related domain administration tools and processes. This
sometimes results in DNSSEC validation failures, for which operators
of validating resolvers are often blamed. When these failures do
occur, end users should not change to a non-validating DNS resolver,
as that would downgrade their security. They should instead wait
until the authoritative domain operator updates their DNS records to
resolve the error and that change propagates across the Internet's
DNS resolvers, the timing of which may be dependent upon the Time To
Live (TTL) settings in the old and/or erroneous DNS resource records.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-livingood-dnsop-dont-switch-resolvers/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-livingood-dnsop-dont-switch-resolvers-05
https://datatracker.ietf.org/doc/html/draft-livingood-dnsop-dont-switch-resolvers-05
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-livingood-dnsop-dont-switch-resolvers-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-livingood-dnsop-dont-switch-res… internet-drafts