[dns-operations] Saga of HBONow DNSSEC Failure

Matthew Pounsett matt at conundrum.com
Tue Mar 10 15:09:50 UTC 2015

On Mar 9, 2015, at 23:50 , Livingood, Jason <Jason_Livingood at cable.comcast.com> wrote:

> So earlier today HBO announced a new HBONow streaming service (at an Apple event). The FQDN to order, which should have been DNSSEC-enabled, was order.hbonow.com. This unfortunately suffered from a rather inconveniently timed DNSSEC problem (http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/). :-( Of course, these being hot Net Neutrality days in the U.S., we at Comcast were quickly blamed for blocking access to ordering this new service (despite failures at Google and other validators). 

I’d just like to comment how pleased I am that Comcast continues to push DNSSEC validation, despite taking regular hits from end users.  I keep hoping others will follow suit.. the more large validator operators that enable it, the fewer hits anyone will take for doing so.

More information about the dns-operations mailing list