[dns-operations] Quad9 DNSSEC Validation?

Scott Morizot tmorizot at gmail.com
Mon Mar 1 23:28:37 UTC 2021


That would seem to be a stretch, especially since the domain they actually
appear to use is:

https://www.uscp.gov/

That's also the one that comes up on searches.

Scott

On Mon, Mar 1, 2021 at 4:48 PM Brian Dickson <brian.peter.dickson at gmail.com>
wrote:

>
>
> On Mon, Mar 1, 2021 at 2:16 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
> wrote:
>
>> On Mon, Mar 01, 2021 at 09:12:38AM +0100, Petr Špaček wrote:
>>
>> > In my experience negative trust anchors for big parts of MIL and/or GOV
>> > are way more common, let's not pick specifically on Quad9. For periods
>> > of time I have seen with other big resolver operators as well.
>>
>> On the .gov side, just 10 of 1239 domains fail to return validated
>> DNSKEY RRsets (with rounded number of weeks duration):
>>
>>     weeks |           domain
>>    -------+----------------------------
>>
>
>
>>       148 | uscapitolpolice.gov
>
>
> Just an observation, in terms of real world implications of DNSSEC
> validation failures:
>
> I hope this wasn't in any way a contributing factor in the 2021-01-06
> events/response.
>
> Brian
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210301/04fecdc7/attachment-0001.html>


More information about the dns-operations mailing list