Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

• Previous message (by thread): Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
• Next message (by thread): Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 8, 2021 at 6:35 AM Niels Bakker <niels=nanog at bakker.net> wrote:

> * darkdevil at darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
> >To me, that part of it also points towards a broken implementation at
> >CloudFlare, letting a bogus (insecure) responses take effect anyway.
>
> Or they prefer allowing people to visit websites over punishing
> system administrators for operational failures that less secure (read:
> nonvalidating) ISPs wouldn't inflict on their customers.
>
> It's been quite common for DNSSEC-enabled recursors to add overrides
> for outaged domains in situations like this.


It’s quite common for DNSSEC to fail at spectacular scale

It is also common for DNSSEC to be weaponized in colossal ddos attacks.

What’s uncommon? Attacks that DNSSEC is intended to solve.

Don’t wait for the rfc.

You dont need a weatheman.

DNSSEC is considered harmful on the internet



>
> It looks like the error has been mitigated, by the way, so this manual
> override may not even have happened.
>
>
>         -- Niels.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211208/53c33b45/attachment.html>

• Previous message (by thread): Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
• Next message (by thread): Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]