[138909] in North American Network Operators' Group
DNSSEC on the resolver-side?
daemon@ATHENA.MIT.EDU (Marco Davids (Prive))
Wed Mar 23 07:58:27 2011
Date: Wed, 23 Mar 2011 12:58:19 +0100 (CET)
From: "Marco Davids (Prive)" <mdavids@forfun.net>
To: nanog@nanog.org
X-SA-Exim-Mail-From: mdavids@forfun.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
I wonder... How many people here have activated DNSSEC validation on their
resolvers?
Please let me know off-list when the page below results in a green tick:
http://dnssectest.sidn.nl/
Additional details are welcome, like:
- The IP-address of the resolver(s) you used (if you know)
- Whether this is an 'official' resolver at an ISP or not
- You current IP-address, or the ISP you are at (http://ip.sidn.nl might be
helpful).
Maybe some of you DNS-gurus are even able to tell why DNSSEC validation failed,
even when using DNSSEC-enabled resolvers. For example because of some
old-school DNS-forwarder in your ADSL modem or something. That would be
great information also.
The reason for this post is just for me to get a rough understanding of the
level of DNSSEC adoption on the resolver-side and the problems that
might still exist with DNSSEC validation.
The NANOG wiki (http://nanog.cluepon.net) has nothing
about DNSSEC yet. Would it be an idea to add something about DNSSEC? I am more
than willing to do the kick-off for that.
Regards,
--
Marco
