On 07/09/2014 09:46 AM, Stephane Bortzmeyer wrote: > Is there a trend towards _less_ DNSSEC problems, with time? This is > not obvious. nasa.gov just botched a key rollover. > > The problem (DS to a non-existing key) > http://dnsviz.net/d/nasa.gov/U7yzSQ/dnssec/ >
Only local, so I can't say anything about global trends, but we've been running a validation monitor where we notify registrars of DNSSEC errors that are encountered in the wild (The DNSSEC Validation Monitor; the extended description is in Dutch but here are some slides about it: https://www.sidnlabs.nl/uploads/tx_sidnpublications/DNSSEC_Validation_Monitor.pdf). DS to no keys at all (usually after a registrar move) tends to be the error that happens most. But within .nl, there is definitely a trend downwards. Jelte
