Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
Arne Jensen
darkdevil at darkdevil.dk
Thu Dec 9 09:06:44 UTC 2021
Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
> * darkdevil at darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
>> To me, that part of it also points towards a broken implementation at
>> CloudFlare, letting a bogus (insecure) responses take effect anyway.
>
> Or they prefer allowing people to visit websites over punishing system
> administrators for operational failures that less secure (read:
> nonvalidating) ISPs wouldn't inflict on their customers.
I find it hard to believe that CloudFlare would do such though, however,
while such kind of things could indeed be the cause, I'm personally
going towards "Rather safe, than sorry".
>
> It's been quite common for DNSSEC-enabled recursors to add overrides
> for outaged domains in situations like this.
Unfortunately, yes, overrides are too common for many different things.
Time for them (the overrides) to die completely.
>
> It looks like the error has been mitigated, by the way, so this manual
> override may not even have happened.
+1.
--
Med venlig hilsen / Kind regards,
Arne Jensen
More information about the NANOG
mailing list