Comment by elevation
16 hours ago
I've considered hard-coding some addresses into firmware as a fallback for a DNS outage (which is more likely than not just misconfigured local DNS). Events like this help justify this approach to the unconcerned.
The irony is that DNS is a global and distributed system meant to be resilient. It’s the DNSSEC layer on top in this case causing problems.
The global and distributed system relies on the system actually returning valid responses. If the root servers are broken, whether it's a problem with RRSIG records or A records, the TLD is broken.
If my domains' DNS servers start pointing at localhost, that doesn't mean DNS is a broken protocol.
DENIC is the single source of truth for zones under .de.
The only problem with DNSSEC here is that it's complex.
A complex thing where making a mistake makes your domains drop off the internet seems like a pretty big "only problem".