On Mon, Mar 1, 2021 at 2:16 PM Viktor Dukhovni <[email protected]> wrote:
> On Mon, Mar 01, 2021 at 09:12:38AM +0100, Petr Špaček wrote: > > > In my experience negative trust anchors for big parts of MIL and/or GOV > > are way more common, let's not pick specifically on Quad9. For periods > > of time I have seen with other big resolver operators as well. > > On the .gov side, just 10 of 1239 domains fail to return validated > DNSKEY RRsets (with rounded number of weeks duration): > > weeks | domain > -------+---------------------------- > > 148 | uscapitolpolice.gov Just an observation, in terms of real world implications of DNSSEC validation failures: I hope this wasn't in any way a contributing factor in the 2021-01-06 events/response. Brian
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
