Re: snarls in real life

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Apr 22, 2021, at 09:47, Viktor Dukhovni wrote:
My domain has been signed since 2014 without any disruptions, with just
a modest monitoring script that has alerted me to pendign expiration
(automated re-signing wasn't kicking in) a couple of times, well before
the signatures expired.  The bugs that resulted in resigning not
happening have been fixed for some time, and I don't have to expend any
energy to keep DNSSEC running, it just works.

That's you - you're an expert in this field.  Most people aren't.  And yet - as you mention, you had a bug with automated re-signing failing and had to add monitoring.

Also, I suspect that the content of your zone is managed by... you.

Extrapolating from that to assume that everyone else in the world will have the same experience... maybe the tooling has become heaps better than when we looked in 2016, but the list of DNSSEC failures hasn't exactly trickled to zero - cdc.gov in the year 2021 being a nice example case:

https://mailman.nanog.org/pipermail/nanog/2021-January/211507.html

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@xxxxxxxxxxxxxxxx


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux