[dns-operations] Survey on DNS resolver operations and DNSSEC

Michele Neylon - Blacknight michele at blacknight.com
Mon Mar 21 15:02:05 UTC 2022


I’m checking internally what ours does, but it’s not a “simple” binary question.
We did have it turned on in the past, but doing so meant we couldn’t get email from several organisations we work with as their DNSSEC setup was broken. And of course it took time to realise that we weren’t getting those emails.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845


From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Peter Thomassen <peter at desec.io>
Date: Monday, 21 March 2022 at 14:50
To: dns-operations at lists.dns-oarc.net <dns-operations at lists.dns-oarc.net>
Subject: Re: [dns-operations] Survey on DNS resolver operations and DNSSEC
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

On 3/21/22 13:19, Bill Woodcock wrote:
> The alternative to DNSSEC validation is man-in-the-middle compromises.  We wouldn’t be doing DNSSEC validation if it caused more workload than man-in-the-middle compromises.  Therefore the increased workload is negative, not positive.

Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.)

Best,
Peter


--
Like our community service? 💛
Please consider donating at

https://desec.io/

deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin
Germany

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220321/fa39806f/attachment-0001.html>


More information about the dns-operations mailing list