Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)

[Arne Jensen <darkdevil () darkdevil dk>]

Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
> * darkdevil () darkdevil dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
> > To me, that part of it also points towards a broken implementation at 
> > CloudFlare, letting a bogus (insecure) responses take effect anyway.
>
> Or they prefer allowing people to visit websites over punishing system 
> administrators for operational failures that less secure (read: 
> nonvalidating) ISPs wouldn't inflict on their customers.
I find it hard to believe that CloudFlare would do such though, however, 
while such kind of things could indeed be the cause, I'm personally 
going towards "Rather safe, than sorry".
> It's been quite common for DNSSEC-enabled recursors to add overrides 
> for outaged domains in situations like this.

Unfortunately, yes, overrides are too common for many different things. 
Time for them (the overrides) to die completely.

> It looks like the error has been mitigated, by the way, so this manual 
> override may not even have happened.

+1.

--
Med venlig hilsen / Kind regards,
Arne Jensen