On 24/05/2016, 08:34, "Testbed Support for GridPP member institutes on behalf of Daniela Bauer" <[log in to unmask] on behalf of [log in to unmask]> wrote:
> <snip>
>but by the looks of it it's a CalTech DNSSEC problem:
>https://ggus.eu/?mode=ticket_info&ticket_id=121567
Hi folks,
Confirmed as a DNSSEC problem:
http://dnsviz.net/d/ultralight.org/responses/
You may wish to get that URL added to the GGUS ticket as it serves to demonstrate the issue is not at the Imperial end.
>I don't know if this ticket is a sign of things to come.
Speaking as someone who has been involved in wide-scale DNSSEC deployment, you do have to be somewhat careful when you deploy DNSSEC-validating resolvers (because you will experience problems if the folks you are talking to have broken their zones through improper signing, as this ticket demonstrates); likewise, you will have problems if you break your zone and other folk start to deploy DNSSEC-validating resolvers.
I know some of the folks who look after Imperial’s authoritative DNS and they are very much on the ball.
Incidentally, as DNSSEC is a topic which I am quite knowledgeable (and passionate!) about, would there be any interest if I were to offer to give a talk at the next GridPP meeting?
Regards,
Terry
--
Terry Froy
Cluster Systems Manager, Particle Physics
Queen Mary, University of London
Tel: +44 (0)207 882 6560
E-mail: [log in to unmask]