Hacker News new | past | comments | ask | show | jobs | submit login
Transdep: Find single points of failure in DNS dependency graphs (github.com)
45 points by based2 17 days ago | hide | past | web | favorite | 2 comments

I don't find the complaints about noncompliance to rfc8020, a 2016 rfc altogether convincing. Yes, it might have been nice if everybody complied, but changing the rules 30 years in and expecting people to change right away is a bit uh optimistic.

> ...when a DNS resolver receives a response with a response code of NXDOMAIN, it means that the domain name which is thus denied AND ALL THE NAMES UNDER IT do not exist.

Good lord, TIL

While I agree that it would be better for everyone if dnssec and edns was universally adopted, I can't shake the feeling that DNS Flag day, the state of the surrounding tools they put out and the sponsors of it are pushing the hard stance for reasons other than internet security.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact