[Dnssec-deployment] Analysis of NASA.GOV DNSSEC Issue 18-Jan-2012
Doug Barton
dougb at dougbarton.us
Tue Jan 31 22:57:34 EST 2012
On 01/31/2012 05:32, Tony Finch wrote:
> Livingood, Jason <Jason_Livingood at cable.comcast.com> wrote:
>>
>> Anyway, if a user cannot access a site it'd be nice if their browser had
>> some error saying "This site cannot be reached due to a a DNS security
>> issue" or some such thing. But that may never happen (and maybe never
>> should), so between the world we live in now and the point where that
>> occurs it'd be nice to figure out a way to inform the users of *why* the
>> site was not reachable.
>
> This is a wider problem than DNSSEC. OpenDNS redirect users to a DNS
> debugging page in the event of resolution problems. An ISP might also want
> to explain routing problems that affect external connectivity. If users
> have connectivity to their ISP but something beyond that is broken then
> this kind of status page can be useful. The problem is then to get the
> users to the status page...
Well, BIND 9.9 just added NXDOMAIN redirection, so DNSSEC failure
redirection shouldn't be that much of a leap. :)
Doug
--
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the Dnssec-deployment
mailing list