[dns-operations] Pending Removal of 3 Negative Trust Anchors @ Comcast

Warren Kumari warren at kumari.net
Mon May 21 21:12:11 UTC 2012


On May 21, 2012, at 4:55 PM, Livingood, Jason wrote:

> Since there's been a bunch of discussion about this IETF document lately - http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01
> 
> Per http://www.dnssec.comcast.net/ 
> 
> - Jason
> 
> Upcoming Removal of Three Negative Trust Anchors
> Monday, May 21, 2012
> Comcast plans to remove three separate Negative Trust Anchors for the domains bayfieldelectric.com, bitcoinica.com, and fbo.gov. These will be removed on Tuesday, May 29, 2012. In each case these Negative Trust Anchors were put in place at the request of our customers. Good faith efforts to contact each domain and resolve these problems have been made. The responsibility for properly configured DNS records lies with domain administrators. The details for each domain are as follows:

Just to make sure I understand, this means that, after May 29th, folk using the Comcast resolvers will no longer be able to resolve these, yes? [0].
The "Good faith efforts to contact each domain and resolve these problems have been made." means that you reached out to them, but it is only implied that they didn't get around to fixing it.

W

[0]: Please note: I'm *not* saying that there is anything wrong with that (I think that Comcast went above and beyond by trying to same them from themselves.), just that this was not clear (to me) from the message…



> 	• bayfieldelectric.com
> - Negative Trust Anchor added 2/29/12
> - Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
> - DNSViz report at http://dnsviz.net/d/bayfieldelectric.com/T7Xw4A/dnssec/
> 	• bitcoinica.com
> - Negative Trust Anchor added 1/22/12
> - Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
> - DNSViz report at http://dnsviz.net/d/bitcoinica.com/T7ZW9Q/dnssec/
> 	• fbo.gov
> - Negative Trust Anchor added 4/23/12
> - Issue appears due to expired keys in the domain
> - DNSViz report at http://dnsviz.net/d/fbo.gov/T7YMCQ/dnssec/
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs




More information about the dns-operations mailing list