Closed Bug 1629821 Opened 6 years ago Closed 5 years ago

Avoid CNAMEs to unsigned destinations on cdn.mozilla.net

Categories

(Infrastructure & Operations :: DNS and Domain Registration, defect)

Product:
Infrastructure & Operations
Component:
DNS and Domain Registration
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: sjw+bugzilla, Assigned: cshields)

References

(
URL
)

Details

(Whiteboard: [dnssec])

+++ This bug was initially created as a clone of Bug #1629819 +++

Some DNSSEC chains are currently broken due missing signatures on CNAME destinations. See e.g. AMO.

See Also: → 1629823
Whiteboard: [dnssec]

Working with key stakeholders, we made the decision to stop signing dnssec on the very few zones that were being signed. The adoption was not consistent, and to make everything work across multiple delegations and cloud providers with very dynamic targets would be an effort we can not justify undertaking right now (or in the foreseeable future). You should no longer see DS records for mozilla.net

Assignee: infra → cshields
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.