[dns-operations] uspto.gov

Michael Sinatra michael at rancid.berkeley.edu
Wed May 19 00:31:13 UTC 2010

On 05/18/10 06:31, Chris Thompson wrote:
> On May 18 2010, Edward Lewis wrote:
>> At 16:30 -0400 5/17/10, Dave Knight wrote:
>>> I just sent email to the address in the SOA RNAME for uspto.gov,
>>> pointed to
>>> the list archive for this thread and received a response 3 minutes later
>>> from someone already aware of the thread and the issues.
>> I'm glad you posted this - I tend to forget the RNAME and what it is
>> meant to be used for.
> I tend to try SOA.rname first, if only to avoid fighting my way through
> the whois maze. When it doesn't work, and if I eventually make contact
> with the zone owner, I tell^Wask them to fix it...

I have generally had good luck regarding GOV issues with sending mail to 
the SOA RNAME along with a cc to the technical contact for the GOV TLD.

The one complaint I would have regarding the OMB mandate for USG 
deployment of DNSSEC would be that the mandate only required agencies to 
sign their zones, not to actually do any validation.  So you have all of 
these agencies putting out DNSSEC dogfood with zero idea of what it 
tastes like.  Those of us doing validation are the first ones to have to 
deal with the consequences.  It's not all bad--some agencies (including 
a handful of the DoE labs) are trying to do the right thing.  Not only 
are they doing validation, but they are actively helping diagnose 
problems at other GOVs.  (Casey Deccio at Sandia Lab is a prime example.)

My point is that the mandate could have been a bit better, with a better 
understanding of both the validation and signing components of a DNSSEC 
operation.  This is not an indictment of DNSSEC, just a critique of 
implementation mandates for GOV operators.


More information about the dns-operations mailing list