[dns-operations] Enabling DNSSEC signing for pagerduty.com
Andy Smith
asmith at pagerduty.com
Wed Jun 7 00:30:01 UTC 2023
On Tue, Jun 6, 2023 at 3:26 PM Matt Nordhoff <lists at mn0.us> wrote:
> It's probably fine but maybe not? Clients don't normally look up NS
> records, but I don't know if there are cases where a recursive
> resolver's internal logic could notice or care?
That's a good point - so far everything seems to be fine but we're
keeping an eye on it.
> [ABSOLUTELY DO NOT PANIC AND UNSIGN THE ZONE. YOU CAN PANIC AND DELETE
> THE DS RECORD BUT FOR THE LOVE OF GOD DO NOT UNSIGN THE ZONE.]
Definitely! One of the things we did learn from others is to _not_
unsign things without knowing exactly what the implications are.
Andy.
--
Andy Smith
Senior Site Reliability Engineer - SRE Cloud Infrastructure
PagerDuty - https://pagerduty.com/
Pronouns: he/him
More information about the dns-operations
mailing list