[dns-operations] Quad9 DNSSEC Validation?

Paul Vixie paul at redbarn.org
Mon Mar 1 18:21:28 UTC 2021

On Mon, Mar 01, 2021 at 08:21:21AM -0500, Jim Popovitch via dns-operations wrote:
> ...
> Over on the email side, I know of several instances in the past 5+ years
> where email providers have had to disable TLS and/or DANE/DNSSEC checks
> (i.e. postfix's smtp_tls_policy_maps) for .mil and .gov domains due
> mostly in part for poor key rollover management practives/monitoring.

so, this is a game of "chicken" where the wrong people keep flinching.

Paul Vixie

More information about the dns-operations mailing list