[dns-operations] Quad9 DNSSEC Validation?

Paul Vixie paul at redbarn.org
Mon Mar 1 19:08:06 UTC 2021

On Tue, Mar 02, 2021 at 05:46:38AM +1100, Mark Andrews wrote:
> It also doesn???t help that Whois is not particularly useful. It has
> improved but if you can???t report faults they don???t get fixed.

right. agreed. the reliable signal for "wrong key or signature" has to be a
loss of incoming traffic and a lot of complaints from one's own users. we
won't be solving this with a cron job. NTA adds deliberate assymetry between
the costs of doing DNSSEC signing wrong and the costs of coping with that.

> -- 
> Mark Andrews

Paul Vixie

More information about the dns-operations mailing list