On Wed, Apr 25, 2012 at 09:52:39AM -0400, Phillip Hallam-Baker wrote:
dependency on the DNSSEC trust chain despite the easily observed fact
that less than 97% of DNS resolvers will pass anything other than
A/AAAA and CNAME records.
I'm having a hard time understanding that sentence. Could you
clarify, please:
A. Fewer than 97% of DNS resolvers can pass anything other than
A/AAAA and CNAME, which means something more than 3% of resolvers pass
only A/AAAA and CNAME.
This is what I _think_ you mean, which means that n% > broken
resolvers > 3%, right? If so, I'd like a citation, though it
doesn't sound wrong to me. That we'd have something on the order
of 3% of the software deployed everywhere on the Internet be
broken ought to be completely unsurprising.
B. 97% of the DNS resolvers is the most that has ever been observed
working according to specification, and the number may be much lower.
This is the rhetorical point I think might be read in. In this
case, I think a citation is in order.
Thanks,
A
--
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com