> On Sep 24, 2022, at 3:20 AM, Bjørn Mork <bj...@mork.no> wrote: > > Philip Prindeville <philipp_s...@redfish-solutions.com> writes: > >> How many ISP's squelch DNSSEC like that? I hope it's not a common practice! > > More common than you'd like to think. See Geoff's excellent world map > at https://stats.labs.apnic.net/dnssec > > Note that no validation implies no signatures for downstream resolvers. > Which makes the non-validating resolvers useless in a forwarder > statements, like you discovered. And useless in many other situations > as well. You can't do DANE for example. > > FWIW, we (as in Telenor Norway) enabled validation in 2015, along with > most of the other major Norwegian ISPs, after being educated with a > sufficiently powerful LART by the local domain registry (NORID). They > invited all the local resolver operators for a workshop in May 2015, > focusing on the importance of validation. This is the primary reason > Norway is green on that map.. > > I must admit I was a bit worried in the beginning. But we've had > surprisingly few problems. And no major issues AFAIR. > > There's really no reason to avoid dnssec-validation in 2022. Just go > poke your ISP if they've disabled it. > > > Bjørn > --
So... was 2019 the year that Netflix had no Norwegian viewers? ;-) Nice job Saudi Arabia, BTW... 2nd highest rank after SJ which doesn't really count. -Philip -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users