[dns-operations] Quad9 DNSSEC Validation?
roy at dnss.ec
Mon Mar 1 19:28:27 UTC 2021
In a few cases, the operator of a zone does not immediately realise that there are issues. To overcome that, Matt and I have a proposal in the works (DNS-error-reporting) that lets a resolver send an error report on a broken zone to a third party, indicated by the same broken zone.
The point of this is to get things fixed faster.
Hope this helps and apologies for the shameless plug.
> On 1 Mar 2021, at 19:08, Paul Vixie <paul at redbarn.org> wrote:
> On Tue, Mar 02, 2021 at 05:46:38AM +1100, Mark Andrews wrote:
>> It also doesn't help that Whois is not particularly useful. It has
>> improved but if you can't report faults they don't get fixed.
> right. agreed. the reliable signal for "wrong key or signature" has to be a
> loss of incoming traffic and a lot of complaints from one's own users. we
> won't be solving this with a cron job. NTA adds deliberate asymmetry between
> the costs of doing DNSSEC signing wrong and the costs of coping with that.
>> Mark Andrews
> Paul Vixie