HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mcesch

no profile record

comments

mcesch
·3 tahun yang lalu·discuss
That's a bit overblown. There's a lot there and some of it conflicts with itself but it's not unmeasurably large by any means. It's a knowable protocol (and yes, I'm aware of the camel meme[1]).

1. https://powerdns.org/dns-camel/
mcesch
·3 tahun yang lalu·discuss
DNSSEC is around the 4~5% mark in .com and .net.
mcesch
·3 tahun yang lalu·discuss
OpenDNSSEC's first release was before the root was signed so perhaps there's some assumptions in it that need revisiting.
mcesch
·3 tahun yang lalu·discuss
I only know of proprietary tooling for this sort of thing. I'd imagine it'd be tough to sell as a product or service so it'd probably have to be someones labor of love.
mcesch
·3 tahun yang lalu·discuss
It's implementation dependent. If I recall correctly unbound defaults to caching bogus responses for 60 seconds and BIND for 30 seconds.
mcesch
·3 tahun yang lalu·discuss
Outsourcing isn't a panacea. `.au` is outsourced to Identity Digital (formerly Afilias) and they managed to flub their configuration recently too[1].

1. https://www.auda.org.au/statement/au-domain-name-system-upda...
mcesch
·3 tahun yang lalu·discuss
I don't know why Cloudflare, like Amazon, often get a free-pass on HN for their DNS implementation bugs. Regardless of DNSSEC's merits or otherwise, this bug isn't inherent to DNSSEC.
mcesch
·3 tahun yang lalu·discuss
Having had to troubleshoot a third-party service not so dissimilar to 1.1.1.1 and prove to them that their infrastructure was misbehaving in a similar manner, I'll take the error thank you.
mcesch
·3 tahun yang lalu·discuss
If the field is unimportant you'd represent it as such. `Option` or `Maybe` or whatever the equivalent wrapper is in your language of choice.