[dns-operations] uspto.gov

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri May 21 09:05:36 UTC 2010

On Tue, May 18, 2010 at 09:24:08AM +0200,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 33 lines which said:

> I strongly disagree. The problem with uspto.gov is not a DNSSEC one
> (the signatures are valid, the chain trust is OK) but a *network*
> one. A broken middlebox prevents large responses to come in.

It is "fixed" now (they've reduced the number of DNSKEYs, thus coming
under 1500 bytes, but I don't know if the underlying network problem
is corrected).

This morning, doc.gov is broken (yes, the thing that controls the DNS
root). This time, it is a purely DNSSEC issue.

More information about the dns-operations mailing list