[dns-operations] Saga of HBONow DNSSEC Failure

Livingood, Jason Jason_Livingood at cable.comcast.com
Tue Mar 10 03:50:26 UTC 2015

So earlier today HBO announced a new HBONow streaming service (at an Apple event). The FQDN to order, which should have been DNSSEC-enabled, was order.hbonow.com. This unfortunately suffered from a rather inconveniently timed DNSSEC problem (http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/). :-( Of course, these being hot Net Neutrality days in the U.S., we at Comcast were quickly blamed for blocking access to ordering this new service (despite failures at Google and other validators).

Had this persisted much longer, we might have considered a negative trust anchor of course, assuming we had direct contact with HBO on the matter (established after they fixed the issue & we flushed the cache). A good example of the sentiment was the tweet “Wow. I have Comcast and can't reach http://hbonow.com  unless I use a different network. #NetNeutrality ”. People tweeted to the FCC to alert them as well.

But two other I-Ds I wrote up did come in handy in some of my replies on social media:

Which leads me simply to say that if there’s any interest in progressing these I-Ds in any way, let me know. Of course you may not find them useful until people yell at you for other people’s DNS errors. ;-)

- Jason

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150310/f67f28e2/attachment.html>

More information about the dns-operations mailing list