On Wed, Aug 21, 2013 at 1:19 PM, Rose, Scott W. <[email protected]> wrote: > >From appearances, the error is not DNSSEC related (army.mil is unsigned), > but that no one can reach the army.mil servers. I see both SERVFAIL and > "no servers could be reached" errors. >
bummer, I thought i had seen dnssec problems :( I wasn't looking as closely as I should have, clearly (see peanut gallery portion of comment) > As for requiring validation, the next version of the security controls for > all Federal USG systems will require DNSSEC validation in the agency. oh, that's good(er). > This will likely be at the recursive resolver level, not the end system. > http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf > > That was published in 4/2013, so it won't be "in effect" until next April, > but some agencies are doing validation now. We already hear of issues and > some successes. hurrah! it seems that like other internet-things, making more people scream gets you the lube required to operationalize things better :) (or I hope that's what the lube is for) -chris _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
