On 10/25/14, 10:12 PM, "Warren Kumari" <[email protected]<mailto:[email protected]>> wrote:
On Sat, Oct 25, 2014 at 9:50 PM, Paul Hoffman <[email protected]<mailto:[email protected]>> wrote: On Oct 25, 2014, at 6:43 PM, Olafur Gudmundsson <[email protected]<mailto:[email protected]>> wrote: We want humans in the loop, I would love to see a twitter feed when ever Comcast does a Negative Trust Anchor. Like https://twitter.com/ComcastDNS, for example? Either things haven't been failing much lately, or they're not updating it as often as we had hoped. Or both... I suspect it might also be: Installing a NTA is annoying. It requires poking at running servers, you may have to talk to lawyers (shudder), you may have to get PR people in the loop, etc. This means that they only get put in for actual issues that affect a large number of users. If maryandjohnsvacation.photo goes bogus (because Mary typo'ed the entry in her crontab) it is highly unlikely that you will get DNS operators to go through the rigmarole of installing an NTA. Warren - Your suspicions are right on the money. A good reference is http://dns.comcast.net/images/files/dnssec_validation_failure_nasagov_20120118_final.pdf. Take a look at the flak we got on page 9 – truly fascinating. In any case, posting on Twitter and our DNS website is what we have been trying to do based on how people respond. And in nearly every case I have seen so far we have had PR involved since we have usually gotten press calls about it or could expect to (in the NASA.gov example it was ironically enough MSNBC). - Jason Livingood
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
