[dns-operations] Quad9 DNSSEC Validation?

Roy Arends roy at dnss.ec
Mon Mar 1 19:28:27 UTC 2021


In a few cases, the operator of a zone does not immediately realise that there are issues. To overcome that, Matt and I have a proposal in the works (DNS-error-reporting) that lets a resolver send an error report on a broken zone to a third party, indicated by the same broken zone.

https://tools.ietf.org/html/draft-arends-dns-error-reporting-00

The point of this is to get things fixed faster.

Hope this helps and apologies for the shameless plug.

Warmly,

Roy



> On 1 Mar 2021, at 19:08, Paul Vixie <paul at redbarn.org> wrote:
> 
> On Tue, Mar 02, 2021 at 05:46:38AM +1100, Mark Andrews wrote:
>> It also doesn't help that Whois is not particularly useful. It has
>> improved but if you can't report faults they don't get fixed.
> 
> right. agreed. the reliable signal for "wrong key or signature" has to be a
> loss of incoming traffic and a lot of complaints from one's own users. we
> won't be solving this with a cron job. NTA adds deliberate asymmetry between
> the costs of doing DNSSEC signing wrong and the costs of coping with that.
> 
>> -- 
>> Mark Andrews
> 
> -- 
> Paul Vixie
