HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mcesch

no profile record

comments

mcesch
·il y a 3 ans·discuss
That's a bit overblown. There's a lot there and some of it conflicts with itself but it's not unmeasurably large by any means. It's a knowable protocol (and yes, I'm aware of the camel meme[1]).

1. https://powerdns.org/dns-camel/
mcesch
·il y a 3 ans·discuss
DNSSEC is around the 4~5% mark in .com and .net.
mcesch
·il y a 3 ans·discuss
OpenDNSSEC's first release was before the root was signed so perhaps there's some assumptions in it that need revisiting.
mcesch
·il y a 3 ans·discuss
I only know of proprietary tooling for this sort of thing. I'd imagine it'd be tough to sell as a product or service so it'd probably have to be someones labor of love.
mcesch
·il y a 3 ans·discuss
It's implementation dependent. If I recall correctly unbound defaults to caching bogus responses for 60 seconds and BIND for 30 seconds.
mcesch
·il y a 3 ans·discuss
Outsourcing isn't a panacea. `.au` is outsourced to Identity Digital (formerly Afilias) and they managed to flub their configuration recently too[1].

1. https://www.auda.org.au/statement/au-domain-name-system-upda...
mcesch
·il y a 3 ans·discuss
I don't know why Cloudflare, like Amazon, often get a free-pass on HN for their DNS implementation bugs. Regardless of DNSSEC's merits or otherwise, this bug isn't inherent to DNSSEC.
mcesch
·il y a 3 ans·discuss
Having had to troubleshoot a third-party service not so dissimilar to 1.1.1.1 and prove to them that their infrastructure was misbehaving in a similar manner, I'll take the error thank you.
mcesch
·il y a 3 ans·discuss
If the field is unimportant you'd represent it as such. `Option` or `Maybe` or whatever the equivalent wrapper is in your language of choice.