Gert Doering wrote on 11/06/2019 21:50:
On Tue, Jun 11, 2019 at 08:40:05PM +0200, Jonas Frey wrote:
The time window might be small, but serving wrong answers was not acceptable for us.
ok, but in the automated world of today this small window is likely to be _really_ small.
Only if everything works perfectly. Especially "customer asks for the auth records and then moves their delegation at some unspecified point in time" is something you can only catch by regularly polling the delegating servers - which we certainly could do (like "every 5 seconds") - but today, we poll once a day, and are not in a hurry.
Incidentally, I've seen "really small" last about 10 years for one particular domain, starting some time around 2008-2009 and ending a couple of months ago. Good thing that server wasn't doing resolution because 10Y of broken dns responses would have been messy.

There doesn't seem to be any particular reason for the RIPE NCC to change their operational practice here; nor is there any compelling reason for the DNS WG to jump and start dishing out instructions to the RIPE NCC about how to do their job. It looks entirely like a case of "good to see common sense prevailing. pls carry on".

Can we move on now? There are plenty of actual dns problems in the world to solve which don't relate to accommodating monumentally awful operational practice.

Nick