Deutsch | English
This blog does not contain official statements of, only personal opinions of the individual contributors.

One quick note on DNSSEC Validation failures


I wrote back in 2010 that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.

We now had just such a case: the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website where they could get the HBO programming without paying for a full cable TV package.

Accusation were flying, emergency debugging and cache clearing ensued and we're now in the "What went wrong?" and "./ style discussions" stage.

It looks like Comcast weathered that storm pretty well. This may be a result of good social media work, a quick fix from HBO, and the fact that Google's nameserver also does DNSSEC validation.

Author: Otmar Lendl

Last Change: 2015/3/11 - 14:05:35
Haftungsausschluss / Data Protection & Privacy Policy