On Wed, Feb 25, 2015 at 03:08:46PM -0800, IETF Chair <chair@xxxxxxxx> wrote a message of 19 lines which said: > Our CDN vendor, Cloudfare, however, has worked in the background to > enable DNSSEC for their customers. They have now come back with a > system that we have enabled for the IETF web pages. I don't know if it's related but several instances of the ietf.org name servers reply SERVFAIL (reported as ticket [www.ietf.org/rt #73651]): % dig +nsid @65.22.8.1 SOA ietf.org ; <<>> DiG 9.9.5-8-Debian <<>> +nsid @65.22.8.1 SOA ietf.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32035 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; NSID: 6e 73 30 30 31 62 2e 61 70 70 32 37 2e 61 6d 73 32 2e 61 66 69 ; 6c 69 61 73 2d 6e 73 74 2e 69 6e 66 6f (n) (s) (0) (0) (1) (b) (.) ; (a) (p) (p) (2) (7) (.) (a) (m) (s) (2) (.) (a) (f) (i) (l) (i) (a) ; (s) (-) (n) (s) (t) (.) (i) (n) (f) (o) ;; QUESTION SECTION: ;ietf.org. IN SOA ;; Query time: 78 msec ;; SERVER: 65.22.8.1#53(65.22.8.1) ;; WHEN: Thu Feb 26 08:41:05 CET 2015 ;; MSG SIZE rcvd: 75