[dns-operations] DNSSEC misconfiguration
Carlos Vicente
cvicente at network-services.uoregon.edu
Fri Jul 30 15:26:36 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> How do we make a stronger impression to zone administrators that
> broken validation == we can't reach you? I'm also interested who has
> validation enabled on resolvers (with some sort of anchor, of course)
> and what the experience has been.
>
> Regards,
> Casey
Hi Casey,
We enabled validation in our campus resolvers in 02/2009. We've actually
had very few reports from users. When contacting broken zone admins, I
have tried to include something like "nobody in our campus is currently
able to reach you" in the message. I'm sure that does make a stronger
impression because it makes it clear that I'm not just testing in my lab.
Regards,
cv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFMUu8sDADXcoYj2ZwRAizuAJ9wZQclUts3f1s9Fqfs75bl8rnYAgCfRMqx
X+4gE0FuwniKXoC7mYYFFXo=
=VED8
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list