On Fri, Nov 8, 2019 at 9:17 PM Paul Wouters <p...@nohats.ca> wrote: > > On Nov 8, 2019, at 20:13, Brian Dickson <brian.peter.dick...@gmail.com> > wrote: > > > > > More anecdotal stuff is at https://ianix.com/pub/dnssec-outages.html which > lumps together information about TLD failures (now very rare), sites with > failures (becoming increasingly uncommon and having smaller impact), and > durations (typically a week or less on average, but again, this is > anecdotal not statistical.) > > > I have on a few occasions explained to the people running this site that > they were wrong to blame dnssec. Some listed events were generic outages > wrongly blamed on dnssec. No corrections were ever made. The side is > extremely subjectively anti-dnssec. > > > > YMMV, of course. But, fear of rampant validation failures is entirely > misplaced at this point. Enough validation is being done, that such > failures need to be considered the responsibility of the signers, not the > validators. > > > Exactly, and why I quoted 8.8.8.8, 1.1.1.1 and 9.9.9.9. So many people are > behind dnssec validators that validation failure would lead to a quick > outage notification by tools or humans. > > Paul >
Thanks to everyone for the info and recommendations. I need to figure out how to alert on validation failures, and then enable validation. -- Bob Harold
_______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy