[dnssec-deployment] some observations about .SE's DNSSEC
Patrik Fältström
paf at cisco.com
Tue Sep 25 18:28:09 EDT 2007
FWIW, I have noticed they do actually do verification of the
signatures as email to myself (the frobbit.se domain MX record) has
bounced when the re-signing of keys failed due to bugs in my cron-jobs.
So, DNSSEC works.
Patrik
On 26 sep 2007, at 00.02, Paul Vixie wrote:
> jakob has given me permission to share this information with you,
> and would
> welcome any questions or discussion we might have:
>
> --------
>
> From: Jakob Schlyter <jakob at rfc.se>
> Subject: Re: AD set unrequested
> Date: Tue, 25 Sep 2007 17:28:26 +0200
> To: xxx
>
> on more thing...
>
> as you may have noted, DNSSEC in .SE is in full production at
> least two
> large ISP:s in Sweden are doing DNSSEC validation in their production
> systems. it was recently discovered that none of their customers
> (with
> crappy broadband routers, e.g. Netgear) can reach signed domains.
> ouch.
>
> jakob
>
> --------
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: <http://mail.shinkuro.com:8100/
> Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
More information about the Dnssec-deployment
mailing list