The irony is that DNS is a global and distributed system meant to be resilient. It’s the DNSSEC layer on top in this case causing problems.
replyThe global and distributed system relies on the system actually returning valid responses. If the root servers are broken, whether it's a problem with RRSIG records or A records, the TLD is broken.
replyIf my domains' DNS servers start pointing at localhost, that doesn't mean DNS is a broken protocol.
denic is the single source of truth for zones under .de.
replyThe only problem with DNSSEC here is that it's complex.
A complex thing where making a mistake makes your domains drop off the internet seems like a pretty big "only problem".
reply