27 Mar
2013
27 Mar
'13
6:06 p.m.
Hi Andreas,
On Wed, Mar 27, 2013 at 11:04:19AM +0100, Andreas Olsson wrote:
On Wed, Mar 27, 2013, at 0:07, Andy Smith wrote:
So is this something you want to happen (there to be a test
resolver), or are you happy enough just to have the production ones
cut over to being validators?
We could put up a test instance of Unbound with
validation enabled
and you could switch to using it, to see if anything breaks. Is that
something that any of you think you would bother with?
My VPS is uncritical enough that I wouldn't mind having it using an
Unbound DNSSEC test instance. During a transition period, given there being an
actual potential issue,
I would at least personally be ok with logging on the Bitfolk resolvers.
Now that I think about it, I'm really much more ok with logging
happening on resolvers used my VPS than I am with my home ISP
potentially having their resolvers logged. If I were to look up
something embarrassing alt misunderstandable that would most likely be
while doing regular web browsing.
So you are for the production resolvers logging validation failures,
at least for a limited period?
Actually looking at it the validation failures don't say the client
IP that made the query, only the failed query itself.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting