[dns-operations] Quad9 DNSSEC Validation?

Bill Woodcock woody at pch.net
Sun Feb 28 09:11:47 UTC 2021


Hi. Speaking from Quad9’s board, rather than the operations side, resources are scarce and demand is enormous. We put in negative trust anchors where safe and necessary to keep things working for actual users, because if we don’t, we get drowned by support calls. And, like any donation-funded open project, donors are expecting us to use the resources they’ve given us to protect people, not to subsidize other people’s science projects. Your experiment is not distributing malware through .GOV or .MIL, therefore you have no reasonable expectation that we, our donors, and our users should absorb the externalized costs of your experiment. 

There, your experiment was a success: you learned something, just not what you were expecting to learn. 

But please think twice before putting an experiment in a production domain. This is exactly the sort of reason people normally register independent domains for beacons.
    
                -Bill


> On Feb 28, 2021, at 09:52, Florian Weimer <fw at deneb.enyo.de> wrote:
> 
> * Winfried Angele:
> 
>> I guess they've turned off validation for irs.gov because of a
>> former failure.
> 
> I think it goes beyond that.  It extends to GOV and MIL as a whole, it
> seems.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations






More information about the dns-operations mailing list