HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mcesch

no profile record

comments

mcesch
·3 years ago·discuss
That's a bit overblown. There's a lot there and some of it conflicts with itself but it's not unmeasurably large by any means. It's a knowable protocol (and yes, I'm aware of the camel meme[1]).

1. https://powerdns.org/dns-camel/
mcesch
·3 years ago·discuss
DNSSEC is around the 4~5% mark in .com and .net.
mcesch
·3 years ago·discuss
OpenDNSSEC's first release was before the root was signed so perhaps there's some assumptions in it that need revisiting.
mcesch
·3 years ago·discuss
I only know of proprietary tooling for this sort of thing. I'd imagine it'd be tough to sell as a product or service so it'd probably have to be someones labor of love.
mcesch
·3 years ago·discuss
It's implementation dependent. If I recall correctly unbound defaults to caching bogus responses for 60 seconds and BIND for 30 seconds.
mcesch
·3 years ago·discuss
Outsourcing isn't a panacea. `.au` is outsourced to Identity Digital (formerly Afilias) and they managed to flub their configuration recently too[1].

1. https://www.auda.org.au/statement/au-domain-name-system-upda...
mcesch
·3 years ago·discuss
I don't know why Cloudflare, like Amazon, often get a free-pass on HN for their DNS implementation bugs. Regardless of DNSSEC's merits or otherwise, this bug isn't inherent to DNSSEC.
mcesch
·3 years ago·discuss
Having had to troubleshoot a third-party service not so dissimilar to 1.1.1.1 and prove to them that their infrastructure was misbehaving in a similar manner, I'll take the error thank you.
mcesch
·3 years ago·discuss
If the field is unimportant you'd represent it as such. `Option` or `Maybe` or whatever the equivalent wrapper is in your language of choice.