[dns-operations] Saga of HBONow DNSSEC Failure

Warren Kumari warren at kumari.net
Tue Mar 10 15:49:49 UTC 2015

On Tue, Mar 10, 2015 at 11:09 AM, Matthew Pounsett <matt at conundrum.com> wrote:
> On Mar 9, 2015, at 23:50 , Livingood, Jason <Jason_Livingood at cable.comcast.com> wrote:
>> So earlier today HBO announced a new HBONow streaming service (at an Apple event). The FQDN to order, which should have been DNSSEC-enabled, was order.hbonow.com. This unfortunately suffered from a rather inconveniently timed DNSSEC problem (http://dnsviz.net/d/order.hbonow.com/VP5DKQ/dnssec/). :-( Of course, these being hot Net Neutrality days in the U.S., we at Comcast were quickly blamed for blocking access to ordering this new service (despite failures at Google and other validators).
> I’d just like to comment how pleased I am that Comcast continues to push DNSSEC validation, despite taking regular hits from end users.

+lots. Thank you Comcast, and Jason.


 > I keep hoping others will follow suit.. the more large validator
operators that enable it, the fewer hits anyone will take for doing
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the dns-operations mailing list