HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mcesch

no profile record

comments

mcesch
·3 anni fa·discuss
That's a bit overblown. There's a lot there and some of it conflicts with itself but it's not unmeasurably large by any means. It's a knowable protocol (and yes, I'm aware of the camel meme[1]).

1. https://powerdns.org/dns-camel/
mcesch
·3 anni fa·discuss
DNSSEC is around the 4~5% mark in .com and .net.
mcesch
·3 anni fa·discuss
OpenDNSSEC's first release was before the root was signed so perhaps there's some assumptions in it that need revisiting.
mcesch
·3 anni fa·discuss
I only know of proprietary tooling for this sort of thing. I'd imagine it'd be tough to sell as a product or service so it'd probably have to be someones labor of love.
mcesch
·3 anni fa·discuss
It's implementation dependent. If I recall correctly unbound defaults to caching bogus responses for 60 seconds and BIND for 30 seconds.
mcesch
·3 anni fa·discuss
Outsourcing isn't a panacea. `.au` is outsourced to Identity Digital (formerly Afilias) and they managed to flub their configuration recently too[1].

1. https://www.auda.org.au/statement/au-domain-name-system-upda...
mcesch
·3 anni fa·discuss
I don't know why Cloudflare, like Amazon, often get a free-pass on HN for their DNS implementation bugs. Regardless of DNSSEC's merits or otherwise, this bug isn't inherent to DNSSEC.
mcesch
·3 anni fa·discuss
Having had to troubleshoot a third-party service not so dissimilar to 1.1.1.1 and prove to them that their infrastructure was misbehaving in a similar manner, I'll take the error thank you.
mcesch
·3 anni fa·discuss
If the field is unimportant you'd represent it as such. `Option` or `Maybe` or whatever the equivalent wrapper is in your language of choice.