[dns-operations] Quad9 DNSSEC Validation?

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Mar 1 23:28:04 UTC 2021

On Mon, Mar 01, 2021 at 02:40:38PM -0800, Brian Dickson wrote:

> > On the .gov side, just 10 of 1239 domains fail to return validated
> > DNSKEY RRsets (with rounded number of weeks duration):
> >
> >     weeks |           domain
> >    -------+----------------------------
> >       148 | uscapitolpolice.gov
> Just an observation, in terms of real world implications of DNSSEC
> validation failures:
> I hope this wasn't in any way a contributing factor in the 2021-01-06
> events/response.

I hope so too.  I would expect that any real-time incident coordination,
was happening over other channels, but I did notice the irony of this
being one of the domains where operational discipline has been long

In a similar vein, nationalmall.gov is also broken, but here, none of
the names listed in the NS RR from the parent exist, so the zone is
simply lame.



More information about the dns-operations mailing list