[dns-operations] Comcast Begins DNSSEC Rollout
Griffiths, Chris
Chris_Griffiths at Cable.Comcast.com
Tue Oct 19 12:56:00 UTC 2010
On 10/18/10 9:42 PM, "Kevin Chen" <kchen at MIT.EDU> wrote:
>Kevin Chen wrote:
>> One of the machines behind 75.75.75.75 (68.87.71.229) seems to be having
>> problems validating names in zones that are in DLV but not in the chain
>> of trust from the root:
>
>Actually, I may have been a little bit too hasty in that conclusion
>since .gov names seem to work fine, but in any case, 68.87.71.229 does
>seem to be returning SERVFAIL for some DLV queries, and similarly
>returning SERVFAIL for names in those zones.
Kevin,
We are not using DLV to validate zones on our recursive resolvers, we are
only using the root key as our trust anchor to validate. That being said,
there appears to be an issue with couple of cached names on that
particular node and we will take a look.
Thanks for testing our servers :-)
Chris Griffiths
Comcast
More information about the dns-operations
mailing list