<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] DNSSEC toward a more insecure Internet Re: PROBLEMS Resolving .gov w/dnssec
- To: "ga@xxxxxxxxxxxxxx >> GA" <ga@xxxxxxxxxxxxxx>
- Subject: [ga] DNSSEC toward a more insecure Internet Re: PROBLEMS Resolving .gov w/dnssec
- From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
- Date: Thu, 22 Apr 2010 10:58:44 -0400
??? does dnssec mean a more secure Internet experience but a higher rate of
failure in dns resolution?
Incidentally folks Dr. Bernstein predicted this would happen. It's called
DNSSEC suicide. Today the USPTO goes offline - what will happen tommorrow -
will .gov go poof?
On Thu, Apr 22, 2010 at 10:39 AM, Torsten <toto@xxxxxxxxxxxxx> wrote:
> Am Thu, 22 Apr 2010 10:03:43 -0400 (EDT)
> schrieb Paul Wouters <paul@xxxxxxxxxxxxx>:
>
> > On Thu, 22 Apr 2010, Timothe Litt wrote:
> >
> > > I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and
> > > 9.6-ESV configured as valdidating resolvers.
> > >
> > > Using dig, I get a connection timeout error after a long (~10 sec)
> > > delay. +cdflag provides an immediate response.
> >
> > > Is anyone else seeing this? Ideas on how to troubleshoot?
> >
> > I have the same problems with our validating unbound instance. The
> > logs show:
> >
>
> Maybe something went wrong in the key-rollover process. Queries
> for DS, DNSKEY and NSEC get a reply with the ad flag set. All other
> records fail.
>
>
> Ciao
> Toto
>
> _______________________________________________
> bind-users mailing list
> bind-users@xxxxxxxxxxxxx
> https://lists.isc.org/mailman/listinfo/bind-users
>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|