[dns-operations] Online DNSSEC debugging tool now availalbe

[Joe Abley]

On 2010-07-19, at 18:18, bmanning at vacation.karoshi.com wrote:

> 	so this would never happen....

On the contrary, I think that and things like it happen in tens of thousands of companies every day. This is every-day reality.

In my experience the things that have big, easy-to-describe effects ("THE DNS IS BROKEN BUT JUST FOR ORG") are more likely to be dealt with promptly than those which are more vague ("THE INTERNET IS DOWN") and those which have more cryptic origins (the NTP server under the old admin's desk was turned off by the cleaner, and the web cluster has just started to reject authentication attempts due to the clock skew which has been increasing over the past several months).

However, in your example even if some TLD registry did continue to publish trust anchor changes on the same web page or on the same mailing lists as they used to do before the root was signed, chances are good that the loss of context due to engineer rollover would still lead to the helpdesk phone ringing.


Joe