[dns-operations] google DNS doing validation?

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jul 27 18:46:46 UTC 2018



> On Jul 27, 2018, at 2:16 PM, Wessels, Duane <dwessels at verisign.com> wrote:
> 
> Yes you should!
> 
> I'm proud to say that I've earned the "cream of the crop" award [1] from ianix.com with 4.5 years continuous downtime of validatorsearch.verisignlabs.com!
> 
> [1] See the very bottom of https://ianix.com/pub/dnssec-outages.html

Nice.

Overall, out of 8,521,213 secure delegations I see 156,976 DNSKEY lookup
problems (not always DNSSEC, lame delegations, and other routine issues
are common).  A large fraction is just from parked domains under .SE and .NU
(44999 and 9225 resp.)  I'll post more detailed July DNSSEC stats soon.

Out of 4,305,133 MX hosts in signed zones, just 999 exhibit TLSA record
lookup problems (denial of existence bugs, CNAME loops, bad SOA
signatures, ...).

The vast majority of the problems are concentrated at a handful of DNS
operators with stale software, fragile processes or just parked domains
they don't need or care to have working.

Overall, the ecosystem as a whole is functioning.

-- 
	Viktor.



More information about the dns-operations mailing list