On 4/13/12 5:18 PM, "Patrik Fältström" <[email protected]<mailto:[email protected]>> wrote:
On 13 apr 2012, at 22:44, Nicholas Weaver wrote: Because practice has shown that it is the recursive resolver, not the authority, that gets blamed. As you saw in my mail, I completely disagree from my own personal experience. If I look at the number of failures, the number of cases where the validator is blamed is exactly one -- Comcast in the NASA case. Compared to the about 50 cases or so when the zone owner/signer is blamed. Yes, we have been running DNSSEC validation in Sweden a bit longer than in the USA. Can you please comment on that mail that uses a few more characters than '+1' please? Maybe what we should do is publicize all the escalations and failures we see so others have some sense of this (assuming we have the cycles for that)? Here are a few complaints by customers that I found in a quick search: http://forums.comcast.com/t5/Web-Browsers/Cannot-connect-to-NOAA-gov-and-related-sites/m-p/1211707/highlight/true#M23142 http://forums.comcast.com/t5/Connectivity-and-Modem-Help/DNS-issues-with-gov-addresses-Proven-Comcast-issue/m-p/1241301/highlight/true#M150167 http://forums.comcast.com/t5/Connectivity-and-Modem-Help/DNS-Issue-Again/m-p/1209289/highlight/true#M148556 http://forums.comcast.com/t5/Connectivity-and-Modem-Help/DNS-can-t-find-NOAA-Hurricane-Center-other-major-sites/m-p/1084603/highlight/true#M141297 http://forums.comcast.com/t5/Connectivity-and-Modem-Help/Why-is-Comcast-unable-to-keep-DNS-working-No-dot-gov-resolution/m-p/908009/highlight/true#M131067 And sites here (http://www.dnsops.gov/USAdotGOV-status.html) we usually hear about. - Jason
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
