Mark Tinka mark at
Sat Oct 2 05:29:06 UTC 2021

So, that wasn't fun, yesterday:

We were also hit, given we run DNSSEC on our resolvers.

Interesting some large open resolver operators use Negative TA's for 
this sort of thing. Not sure how this helps with the DNSSEC objective, 
but given the kind of pain mistakes like these can cause, I can see why 
they may lean on NTA's.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list