[dns-operations] slack.com bogus

Matthew Pounsett matt at conundrum.com
Thu Sep 30 19:12:08 UTC 2021


On Thu, 30 Sept 2021 at 14:34, vom513 <vom513 at gmail.com> wrote:
>
>
> So perhaps a dumb question - could Google and Cloudflare be hitting some kind of “manual overrride” to not validate a given zone - i.e. human intervention / look the other way ?

Negative Trust Anchors, most probably.  It's standard operating
procedure, particularly for the very large operators, to work around
zones that are clearly broken and not actually being attacked to
essentially turn off DNSSEC validation for those zones for some period
of time.




More information about the dns-operations mailing list