nanog mailing list archives
Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
From: Ca By <cb.list6 () gmail com>
Date: Wed, 8 Dec 2021 07:01:43 -0800
On Wed, Dec 8, 2021 at 6:35 AM Niels Bakker <niels=nanog () bakker net> wrote:
> * darkdevil () darkdevil dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
>> To me, that part of it also points towards a broken implementation at CloudFlare, letting a bogus (insecure) response take effect anyway.
>
> Or they prefer allowing people to visit websites over punishing system administrators for operational failures that less secure (read: nonvalidating) ISPs wouldn't inflict on their customers. It's been quite common for DNSSEC-enabled recursors to add overrides for outaged domains in situations like this.

It's quite common for DNSSEC to fail at spectacular scale.

It is also common for DNSSEC to be weaponized in colossal DDoS attacks.

What's uncommon? Attacks that DNSSEC is intended to solve.

Don't wait for the RFC. You don't need a weatherman. DNSSEC is considered harmful on the internet.

> It looks like the error has been mitigated, by the way, so this manual override may not even have happened.
>
> -- Niels.