[dns-operations] Saga of HBONow DNSSEC Failure

Livingood, Jason Jason_Livingood at cable.comcast.com
Tue Mar 10 03:50:26 UTC 2015


So earlier today HBO announced a new HBONow streaming service (at an Apple event). The FQDN to order, which should have been DNSSEC-enabled, was order.hbonow.com. This unfortunately suffered from a rather inconveniently timed DNSSEC problem (http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/). :-( Of course, these being hot Net Neutrality days in the U.S., we at Comcast were quickly blamed for blocking access to ordering this new service (despite failures at Google and other validators).

Had this persisted much longer, we might have considered a negative trust anchor of course, assuming we had direct contact with HBO on the matter (established after they fixed the issue & we flushed the cache). A good example of the sentiment was the tweet “Wow. I have Comcast and can't reach http://hbonow.com unless I use a different network. #NetNeutrality”. People tweeted to the FCC to alert them as well.

But two other I-Ds I wrote up did come in handy in some of my replies on social media:
http://tools.ietf.org/html/draft-livingood-dnsop-auth-dnssec-mistakes-00
and
http://tools.ietf.org/html/draft-livingood-dnsop-dont-switch-resolvers-00

Which leads me simply to say that if there’s any interest in progressing these I-Ds in any way, let me know. Of course you may not find them useful until people yell at you for other people’s DNS errors. ;-)

- Jason
