[dns-operations] Quad9 DNSSEC Validation?

Jim Popovitch jimpop at domainmail.org
Mon Mar 1 13:21:21 UTC 2021


On Mon, 2021-03-01 at 06:44 -0600, it was written:
> .. who have silently and without notice disabled all such 
> validation for the entire .gov and .mil gTLDs.

Over on the email side, I know of several instances in the past 5+ years
where email providers have had to disable TLS and/or DANE/DNSSEC checks
(i.e. postfix's smtp_tls_policy_maps) for .mil and .gov domains due
mostly in part for poor key rollover management practives/monitoring.

-Jim P.




More information about the dns-operations mailing list