HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mcesch

no profile record

comments

mcesch
·3 года назад·discuss
That's a bit overblown. There's a lot there and some of it conflicts with itself but it's not unmeasurably large by any means. It's a knowable protocol (and yes, I'm aware of the camel meme[1]).

1. https://powerdns.org/dns-camel/
mcesch
·3 года назад·discuss
DNSSEC is around the 4~5% mark in .com and .net.
mcesch
·3 года назад·discuss
OpenDNSSEC's first release was before the root was signed so perhaps there's some assumptions in it that need revisiting.
mcesch
·3 года назад·discuss
I only know of proprietary tooling for this sort of thing. I'd imagine it'd be tough to sell as a product or service so it'd probably have to be someones labor of love.
mcesch
·3 года назад·discuss
It's implementation dependent. If I recall correctly unbound defaults to caching bogus responses for 60 seconds and BIND for 30 seconds.
mcesch
·3 года назад·discuss
Outsourcing isn't a panacea. `.au` is outsourced to Identity Digital (formerly Afilias) and they managed to flub their configuration recently too[1].

1. https://www.auda.org.au/statement/au-domain-name-system-upda...
mcesch
·3 года назад·discuss
I don't know why Cloudflare, like Amazon, often get a free-pass on HN for their DNS implementation bugs. Regardless of DNSSEC's merits or otherwise, this bug isn't inherent to DNSSEC.
mcesch
·3 года назад·discuss
Having had to troubleshoot a third-party service not so dissimilar to 1.1.1.1 and prove to them that their infrastructure was misbehaving in a similar manner, I'll take the error thank you.
mcesch
·3 года назад·discuss
If the field is unimportant you'd represent it as such. `Option` or `Maybe` or whatever the equivalent wrapper is in your language of choice.