The irony is that DNS is a global and distributed system meant to be resilient. It’s the DNSSEC layer on top in this case causing problems.
DENIC is the single source of truth for zones under .de.
The only problem with DNSSEC here is that it's complex.
The global and distributed system relies on the system actually returning valid responses. If the root servers are broken, whether it's a problem with RRSIG records or A records, the TLD is broken.
If my domains' DNS servers start pointing at localhost, that doesn't mean DNS is a broken protocol.