nanog mailing list archives
Re: US government mandates? use of DNSSEC by federal agencies
From: David Conrad <drc () virtualized org>
Date: Wed, 27 Aug 2008 16:41:20 -0700
On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote:
Of course embedded frobs that don't auto-update like, oh say, your favorite router could be problematic.
You have a router that supports DNSSEC that can't be made to do some form of auto-update?
In any case, the point of my first question was really about the concern of false positives. Do we really have any idea what will happen if you hard fail dnssec failures?
As far as I'm aware, there is no 'soft fail' for DNSSEC failures. In the caching servers I'm familiar with, if a name fails to validate, it used to be that it doesn't get cached and SERVFAIL is returned. Maybe that's been fixed?
Regards, -drc
Current thread:
- Re: US government mandates? use of DNSSEC by federal agencies, (continued)
- Re: US government mandates? use of DNSSEC by federal agencies Jared Mauch (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Leo Bicknell (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Steven M. Bellovin (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Jeroen Massar (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Jeroen Massar (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Michael Thomas (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Michael Thomas (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)