[dns-operations] problems resolving army.mil and us.army.mil?
Christopher Morrow
morrowc.lists at gmail.com
Wed Aug 21 17:04:11 UTC 2013
a question(s) from the peanut gallery...
(I assumed some things...)
if the operations work to maintain dnssec stuff for zones is not
productionized and automated and tested failures like this army.mil
(and most previous other zone problems elsewhere related to dnssec,
most likely) issue happen...
what process gets us all to better, more stable, more reliable dnssec
deployment on a per-zone basis?
is the problem that army.mil can be broken for X hours/days with
respect to dnssec because 'no one notices' and thus the failure has
low/zero cost to the domain owner? Is the process/ops-work so hard
that it can't be automated/productionized?
If the 'no one notices' answer is 'yes', how do more people get to the
place where they notice? by enabling validation in resolvers? could US
Gov't agencies all enable this 'now' and help to find these problems
more quickly? could OMB be brought to bear on this sort of thing in a
reasoned way?
-chris
On Wed, Aug 21, 2013 at 10:18 AM, Fr34k <freaknetboy at yahoo.com> wrote:
> http://dnssec-debugger.verisignlabs.com/army.mil also shows several issues.
>
>
>
>
> ----- Original Message -----
>> From: "Rose, Scott W." <scott.rose at nist.gov>
>> To: Mike A <mikea at mikea.ath.cx>; DNS Operations <dns-operations at mail.dns-oarc.net>
>> Cc:
>> Sent: Wednesday, August 21, 2013 10:06 AM
>> Subject: Re: [dns-operations] problems resolving army.mil and us.army.mil?
>>
>> Me too. From NIST and DNSViz:
>> http://dnsviz.net/d/army.mil/dnssec/
>>
>> Can't reach any of the servers listed.
>>
>> Scott
>>
>>
>> ===================================
>> Scott Rose
>> NIST
>> scott.rose at nist.gov
>> +1 301-975-8439
>> Google Voice: +1 571-249-3671
>> http://www.dnsops.gov/
>> https://www.had-pilot.com/
>> ===================================
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Mike A <mikea at mikea.ath.cx>
>> Date: Wednesday, August 21, 2013 10:02 AM
>> To: DNS Operations <dns-operations at mail.dns-oarc.net>
>> Subject: [dns-operations] problems resolving army.mil and us.army.mil?
>>
>>> I'm seeing timeouts and SERVFAILs trying to resolve army.mil and
>>> us.army.mil from multiple locations on disjoint nets. Anyone else?
>>>
>>> --
>>> Mike Andrews, W5EGO
>>> mikea at mikea.ath.cx
>>> Tired old sysadmin
>>> _______________________________________________
>>> dns-operations mailing list
>>> dns-operations at lists.dns-oarc.net
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>> dns-jobs mailing list
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list