[dns-operations] DNSSEC quality by TLD
ietf-dane at dukhovni.org
Thu May 17 15:02:07 UTC 2018
> On May 17, 2018, at 10:22 AM, John Levine <johnl at taugh.com> wrote:
> If those numbers are correct, they're really pitiful. Bank is
> supposed to be a super secure TLD, careful checking of registrants
> to be sure they're real banks, and every delegation is signed.
> I checked, the current zone file has DS for every NS. How are
> they broken?
Of the 1347 delegations that are failing, 1314 are REFUSED by:
So these are presumably parked and not maintained. The rest are
more diverse, with a bad key roll at e.g.:
More information about the dns-operations