--- Begin Message ---
On Thu Jul 13, 2023 at 7:16 PM UTC, Gavin McCullagh wrote:
> ...
>
> I assume lots of us on this mailing list operate authoritative dns
> servers. When one of our PoPs or nameservers is unresponsive, most of us
> rely on retries against other nameservers (aka PoPs) to ensure
Hi,
On Thu, Jul 13, 2023 at 1:18 PM Viktor Dukhovni
wrote:
> On Thu, Jul 13, 2023 at 12:16:37PM -0700, Gavin McCullagh wrote:
>
> > When faced with ~4x obviously bogus, broken nameservers (the stale pop)
> and
> > ~9x fresh working nameservers with valid signatures, the DNSSEC RFCs
> appear
> >
On Thu, Jul 13, 2023 at 12:16:37PM -0700, Gavin McCullagh wrote:
> When faced with ~4x obviously bogus, broken nameservers (the stale pop) and
> ~9x fresh working nameservers with valid signatures, the DNSSEC RFCs appear
> to specify (and Unbound appears to implement) that resolvers must accept
>
On Wed, Jul 12, 2023, 5:28 PM Olafur Gudmundsson wrote:
>
>
> On Jul 11, 2023, at 8:24 PM, Gavin McCullagh wrote:
>
> That is true of course, but the magnitude of this event was made much
> worse by dnssec. The entire COM and NET zones being bogus (including the
> unsigned delegations) is very
