Patrik Fältström, Sunday, April 15, 2012 1:34 AM": > ...and my point is that the effort should be spent on convincing AT&T, > Cox and others to do validation just like Comcast. And to inform the > users, press and others that for example it was NASA and not Comcast > that had problems.
Convincing other service providers is a good long term idea. That would increase the pressure on the zone operators to do DNSSEC properly. However, the open resolvers that don't support DNSSEC are a bigger "issue" since the Service Providers' customer instantly can get what he believes is a better working resolver by switching to one of those. If we could convince 8.8.8.8 (208.67.222.222 and 4.2.2.1) to turn on DNSSEC validation, then there would not be any need for NTAs. /S _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
