27 Mar
2013
27 Mar
'13
10:04 a.m.
On Wed, Mar 27, 2013, at 0:07, Andy Smith wrote:
We could put up a test instance of Unbound with
validation enabled
and you could switch to using it, to see if anything breaks. Is that
something that any of you think you would bother with?
My VPS is uncritical enough that I wouldn't mind having it using an
Unbound DNSSEC test instance.
Should validation failures be logged on production
resolvers? On the
plus side, if you are experiencing one then you could ask us to look
in the logs to see why. On the negative side, it means we'll
casually stumble across records of tons of queries that customers
make, which is a privacy concern.
During a transition period, given there being an actual potential issue,
I would at least personally be ok with logging on the Bitfolk resolvers.
Now that I think about it, I'm really much more ok with logging
happening on resolvers used my VPS than I am with my home ISP
potentially having their resolvers logged. If I were to look up
something embarrassing alt misunderstandable that would most likely be
while doing regular web browsing.
// Andreas