[dns-operations] DNSSEC signatures expired for getdnsapi.org and getdnsapi.net
bert hubert
bert.hubert at netherlabs.nl
Mon Sep 18 10:34:14 UTC 2017
On Mon, Sep 18, 2017 at 03:42:55AM -0400, Viktor Dukhovni wrote:
> > Oops... Consequence of a too hasty and uncareful software update.
> > I just started the signers again.
>
> I'd like to suggest monitoring. For my own domains, the alarms start
I'd like to suggest DNS solutions that autosign. There are millions of
autosigning domains out there (the vast majority even). We continue to see
"manual" signing fail, even with very smart operators.
I realize not all security goals can be met with such a solution. But I also
realize we are the butt of a lot of jokes if even the DNSSEC cognoscenti
aren't able to keep their domains working.
Bert
More information about the dns-operations
mailing list