Deploy360 29 March 2013

Comcast Publishing Domains Failing DNSSEC Via Twitter

By Dan YorkDirector, Internet Technology

Comcast DNS Twitter accountHow do you know when a domain is failing DNSSEC validation? What if there was a way to let the broader industry know about these validation failures?  The folks over at Comcast’s DNS team have been trying an experiment for a while in posting these DNSSEC validation failures publicly to Twitter at:

If you are a system/network operator deploying DNSSEC and want to be alerted when sites are found to be failing validation, following this Twitter account is one way you can get alerts.

I don’t know whether publishing domains failing DNSSEC validation via Twitter will really be a long-term solution to letting the wider industry know about domains that are currently failing validation, but I applaud Comcast’s DNS team for trying something different … and I do follow the account myself because I find the occasional tweets interesting to see.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...