2015/03/11I wrote back in 2010
that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.
We now had just such a case: the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website where they could get the HBO programming without paying for a full cable TV package.
Accusation were flying
, emergency debugging and cache clearing ensued and we're now in the "What went wrong?
" and "./ style discussions
It looks like Comcast weathered that storm pretty well. This may be a result of good social media work, a quick fix from HBO, and the fact that Google's 220.127.116.11 nameserver also does DNSSEC validation.
Author: Otmar Lendl