Skip to main content

In Case of DNSSEC Validation Failures, Do Not Change Resolvers

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Jason Livingood
Last updated 2015-03-28 (Latest revision 2014-09-24)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


DNS Security Extensions (DNSSEC) is beginning widespread deployment. However, domain signing tools and processes are not yet as mature and reliable as is the case for non-DNSSEC-related domain administration tools and processes. As a result, some DNSSEC validation failures may occur. When these failures do occur, end users SHOULD NOT change to a non-validating DNS resolver.


Jason Livingood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)