[dns-operations] Online DNSSEC debugging tool now availalbe
Joe Abley
jabley at hopcount.ca
Mon Jul 19 23:58:14 UTC 2010
On 2010-07-19, at 18:18, bmanning at vacation.karoshi.com wrote:
> so this would never happen....
On the contrary, I think that and things like it happen in tens of thousands of companies every day. This is every-day reality.
In my experience the things that have big, easy-to-describe effects ("THE DNS IS BROKEN BUT JUST FOR ORG") are more likely to be dealt with promptly than those which are more vague ("THE INTERNET IS DOWN") and those which have more cryptic origins (the NTP server under the old admin's desk was turned off by the cleaner, and the web cluster has just started to reject authentication attempts due to the clock skew which has been increasing over the past several months).
However, in your example even if some TLD registry did continue to publish trust anchor changes on the same web page or on the same mailing lists as they used to do before the root was signed, chances are good that the loss of context due to engineer rollover would still lead to the helpdesk phone ringing.
Joe
More information about the dns-operations
mailing list