This blog does not contain official statements of CERT.at, only personal opinions of the individual contributors.

One quick note on DNSSEC Validation failures

2015/03/11

I wrote back in 2010 that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.

We have now had just such a case, and the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website, where they could get the HBO programming without paying for a full cable TV package.

Accusations were flying, emergency debugging and cache clearing ensued, and we're now in the "What went wrong?" and "/. style discussions" stage.

It looks like Comcast weathered that storm pretty well. This may be a result of good social media work, a quick fix from HBO, and the fact that Google's 8.8.8.8 nameserver also does DNSSEC validation.

Author: Otmar Lendl

Email: reports@cert.at
Phone: +43 1 5056416 78
Last Change: 2015/3/11 - 14:05:35