Deutsch | English
This blog does not contain official statements of, only personal opinions of the individual contributors.

One quick note on DNSSEC Validation failures


I wrote back in 2010 that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.

We now had just such a case: the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website where they could get the HBO programming without paying for a full cable TV package.

Accusation were flying, emergency debugging and cache clearing ensued and we're now in the "What went wrong?" and "./ style discussions" stage.

It looks like Comcast weathered that storm pretty well. This may be a result of good social media work, a quick fix from HBO, and the fact that Google's nameserver also does DNSSEC validation.

Author: Otmar Lendl

Phone: +43 1 5056416 78
more ...
MeliCERTes Training in Vienna
2019/03/14 | From March ...
New PGP-Keys
2019/03/13 | Since our ...
more ...
Last Change: 2015/3/11 - 14:05:35
Haftungsausschluss / Data Protection & Privacy Policy