Hi Nathan, List, On Tue, 11 Feb 2014 11:51:14 +1300, Nathan Ward wrote:
I’ve been talking about this with one of my customers recently, and there’s a concern by some that turning on validation will trip false positives - which for an ISP is a bad thing to do - all the customer sees is that you 'don’t work' while the other ISP does.
Is there public data available re. this? Does it likely vary much for NZ?
Acknowleding that we don't really service a lot of "eyeballs" customers compared to others who are deeper in to the residential/SOHO markets, and that I'm yet to properly bother collecting hard numbers for this (mostly because so far nobody has complained), I don't think we've had a single support call about DNSSEC validation failure false positive yet. We've been running validating unbound resolvers in front of our broadband customers (including a couple of WISPs who borrowed our recursor infrastructure) since (I believe) around February of 2012, looking at our change management system. -- Michael Fincham System Administrator, Unleash