Looking for dnssec-triggerd alpha testers!

"Jóhann B. Guðmundsson" johannbg at gmail.com
Wed Sep 21 13:20:57 UTC 2011


On 09/21/2011 01:00 PM, Tomas Mraz wrote:
> You probably did not understand the meaning of "removing the ability for
> disabling dnssec" in the Adam's e-mail. It is not meant to disable the
> ability to not use of dnssec completely but that it should not be
> possible to simply click away any failures to verify dnssec for domains
> that are marked as that they should be validated by dnssec. Simply if a
> domain is marked as dnssec enabled in the parent record then it must
> have correct dnssec entries or it should not be accepted. Domains that
> are not marked as dnssec enabled (that should be the default for admins
> that are unable or unwilling to use dnssec on their domains) are not
> affected in any way.

You are right I misunderstood him.

By all means remove the users availability to simply click them selves 
away from that.

JBG


More information about the devel mailing list