[dns-operations] Quad9 DNSSEC Validation?
jimpop at domainmail.org
Mon Mar 1 13:21:21 UTC 2021
On Mon, 2021-03-01 at 06:44 -0600, it was written:
> .. who have silently and without notice disabled all such
> validation for the entire .gov and .mil gTLDs.
Over on the email side, I know of several instances in the past 5+ years
where email providers have had to disable TLS and/or DANE/DNSSEC checks
(i.e. postfix's smtp_tls_policy_maps) for .mil and .gov domains due
mostly in part for poor key rollover management practives/monitoring.
More information about the dns-operations