Anyone else seeing DNSSEC failures from EU Commission? (european-union.europa.eu)

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Fri Dec 10 13:38:41 UTC 2021


Mark Andrews wrote:

>> Just saying, facts are on my side. Check the number of times dnssec
>> caused an outage. Then check the number of hacks prevented by
>> dnssec. Literally 0.
> 
> How do you know?  Unless you investigated every single time DNSSEC
> validation returned bogus to get to the root cause you cannot know.

How?

Because most birthday attacks on plain DNS will fail, you can
almost always know that a DNSSEC answer is bogus by comparing answers
from DNSSEC and plain DNS.

That the root cause may not be known is not a problem.

						Masataka Ohta

