[dns-operations] Quad9 DNSSEC Validation?

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Sun Feb 28 20:14:28 UTC 2021

On 2/28/21 10:11 AM, Bill Woodcock wrote:
> We put in negative trust anchors where safe and necessary to keep things working for actual users, because if we don’t, we get drowned by support calls.

My (naive?) hope is that large validating services could form some 
agreement to start acting stricter in this respect.  Of course it's 
often hard to argue that a breakage is the domain's fault as long as it 
works almost everywhere else, but dnsflagday.net has shown that similar 
arrangements are possible to pull off.


More information about the dns-operations mailing list