In Case of DNSSEC Validation Failures, Do Not Change Resolvers
draft-livingood-dnsop-dont-switch-resolvers-03

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Last updated 2016-05-05 (latest revision 2015-11-02)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized bibtex
Additional URLs
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-livingood-dnsop-dont-switch-resolvers-03.txt

Abstract

DNS Security Extensions (DNSSEC) are being widely deployed, particularly via validating resolvers. However, domain signing tools and processes are not yet as mature and reliable as is the case for non-DNSSEC-related domain administration tools and processes. As a result, some DNSSEC validation failures may occur. When these failures do occur, end users should not change to a non-validating DNS resolver.

Authors

Jason Livingood (jason_livingood@cable.comcast.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)