How do you know when a domain is failing DNSSEC validation? What if there was a way to let the broader industry know about these validation failures? The folks over at Comcast’s DNS team have been trying an experiment for a while in posting these DNSSEC validation failures publicly to Twitter at:
If you are a system/network operator deploying DNSSEC and want to be alerted when sites are found to be failing validation, following this Twitter account is one way you can get alerts.
I don’t know whether publishing domains failing DNSSEC validation via Twitter will really be a long-term solution to letting the wider industry know about domains that are currently failing validation, but I applaud Comcast’s DNS team for trying something different … and I do follow the account myself because I find the occasional tweets interesting to see.