On Jun 23, 2013, at 4:49 PM, valdis.kletni...@vt.edu wrote: > On Sat, 22 Jun 2013 20:45:44 +0200, Andre Tomt said: >> Seems the entire .biz tld is failing DNSSEC validation now. >> All of my DNSSEC validating resolvers are tossing all domains in .biz. >> The non-signed domains too of course because trust of the tld itself >> cannot be established. >> >> http://dnssec-debugger.verisignlabs.com/nic.biz > > So which event caused more disruption? 50K .com's in a failed DDoS > mitigation, or every single .biz lookup by something that actually does > dnssec? > I don't think we are trying to quantify which one was worst or point fingers at, but how do we remediate these type of issues in the future? I think these events will happen more and more often...
a TTL of 2 days seems rather long for NS and do I see 6 days TTL for DNSSEC records for .biz ?
signature.asc
Description: Message signed with OpenPGP using GPGMail