nanog mailing list archives

Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)


From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Fri, 10 Dec 2021 22:38:41 +0900

Mark Andrews wrote:

Just saying, facts are on my side. Check the number of times dnssec
caused an outage. Then check the number of hacks prevented by
dnssec. Literally 0.

How do you know?  Unless you investigated every single time DNSSEC
validation returned bogus to get to the root cause you cannot know.
How?

Because most birthday attacks for plain DNS will fail, you can
almost always know a DNSSEC answer is bogus by comparing answers
from DNSSEC and plain DNS.

That the root cause may not be known is not a problem.

                                                Masataka Ohta

