DNSSEC

[Tony Finch]

Barry Margolin <barmar at alum.mit.edu> wrote:
>
> [Validation is] only untroublesome until someone screws things up on
> their auth server.  When one of your users can't access something.gov,
> they'll complain to YOU, even though it's mostly out of your hands.
>
> This is true for other problems on auth servers as well, of course.  But
> DNSSEC is new enough that there tend to be more failures of this kind,
> even by organizations that until now have seemed to know what they're
> doing.

Some of the early DNSSEC deployments (especially in .gov) did not use good
tooling. That's much less of a problem now. See for instance the big
DNSSEC deployments in Sweden, Czech, Brazil.

Even third party DNSSEC screwups have not caused us much trouble.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Faeroes: Northeasterly backing northerly, 4 or 5, increasing 6 or 7 for a time
in east. Moderate, becoming rough later in far east. Showers. Good.