
Transdep: Find single points of failure in DNS dependency graphs - based2
https://github.com/ANSSI-FR/transdep
======
toast0
I don't find the complaints about noncompliance to rfc8020, a 2016 rfc
altogether convincing. Yes, it might have been nice if everybody complied, but
changing the rules 30 years in and expecting people to change right away is a
bit uh optimistic.

~~~
rednixion
> ...when a DNS resolver receives a response with a response code of NXDOMAIN,
> it means that the domain name which is thus denied AND ALL THE NAMES UNDER
> IT do not exist.

Good lord, TIL

While I agree that it would be better for everyone if dnssec and edns was
universally adopted, I can't shake the feeling that DNS Flag day, the state of
the surrounding tools they put out and the sponsors of it are pushing the hard
stance for reasons other than internet security.

