[dns-operations] Enabling DNSSEC signing for pagerduty.com

Andy Smith asmith at pagerduty.com
Wed Jun 7 00:30:01 UTC 2023


On Tue, Jun 6, 2023 at 3:26 PM Matt Nordhoff <lists at mn0.us> wrote:
> It's probably fine but maybe not? Clients don't normally look up NS
> records, but I don't know if there are cases where a recursive
> resolver's internal logic could notice or care?

That's a good point - so far everything seems to be fine but we're
keeping an eye on it.

> [ABSOLUTELY DO NOT PANIC AND UNSIGN THE ZONE. YOU CAN PANIC AND DELETE
> THE DS RECORD BUT FOR THE LOVE OF GOD DO NOT UNSIGN THE ZONE.]

Definitely! One of the things we did learn from others is to _not_
unsign things without knowing exactly what the implications are.

Andy.
--
Andy Smith
Senior Site Reliability Engineer - SRE Cloud Infrastructure
PagerDuty - https://pagerduty.com/
Pronouns: he/him




More information about the dns-operations mailing list