.de TLD offline due to DNSSEC

whynotlearn

https://dnssec-analyzer.verisignlabs.com/nic.de

Seems to be the case that all .de domains are offline (aside from some who are cached, but from my understanding seems to be the case that when the cache dries out, its gonna be all the domains)

stable_genius

This is terrible, I'll lose millions per minute because of this. Oh wait.. I don't have any .de domains.

Phew... that was close. Thank God I did not buy any .de domains.

Nyr

dupe

NotFoundException

@Nyr said:
dupe

Nope, your dupe is the dupe

Nyr

@NotFoundException said: Nope, your dupe is the dupe

Indeed, should've read the time.

zed

proof that dnssec is bad.

brueggus

@zed said:
proof that dnssec is bad.

totally_not_banned

Well, i don't like dnssec either.

beanman109

i use dnssex for some domains but i still dont even know what it does

totally_not_banned

@beanman109 said:
i still dont even know what it does

Pretty much this and it pisses me off.

whynotlearn

@Nyr said:
dupe

Its actually the opposite but no worries I think :-D

zed

hey no worries cloudflare is on it https://www.cloudflarestatus.com/incidents/vjrk8c8w37lz

can't wait for the blog

https://ianix.com/pub/dnssec-outages.html

"Terminology note: The coveted 1000-day DNSSEC outage is known as a kiloday."

jsg

I hate to say it, but Kudos to CF for

CF said:
Cloudflare has temporarily disabled DNSSEC validation for .de domains on 1.1.1.1 resolver (as per RFC 7646) in order to allow .DE names to continue to resolve.

But of bloody course billions of domain tampering and other evil cases will come up now!!! * shriek

The RFC mentioned indicates that at least some modicum of reason was left when going DNSSEC.

My .de domain (the only one left since I made a hard turn away from denic) of course is not DNSSEC infested.

zed

@jsg said:
I hate to say it, but Kudos to CF for

CF said:
Cloudflare has temporarily disabled DNSSEC validation for .de domains on 1.1.1.1 resolver (as per RFC 7646) in order to allow .DE names to continue to resolve.

But of bloody course billions of domain tampering and other evil cases will come up now!!! * shriek

The RFC mentioned indicates that at least some modicum of reason was left when going DNSSEC.

My .de domain (the only one left since I made a hard turn away from denic) of course is not DNSSEC infested.

Purists will shriek about tampering etc for sure but imo this illustrates why dnssec is theater anyway. The #2(?) public resolver just flipped it off for reasons oh well.

jsg

@zed said:

@jsg said:
I hate to say it, but Kudos to CF for

CF said:
Cloudflare has temporarily disabled DNSSEC validation for .de domains on 1.1.1.1 resolver (as per RFC 7646) in order to allow .DE names to continue to resolve.

But of bloody course billions of domain tampering and other evil cases will come up now!!! * shriek

The RFC mentioned indicates that at least some modicum of reason was left when going DNSSEC.

My .de domain (the only one left since I made a hard turn away from denic) of course is not DNSSEC infested.

Purists will shriek about tampering etc for sure but imo this illustrates why dnssec is theater anyway. The #2(?) public resolver just flipped it off for reasons oh well.

Guess why I didn't join the DNSSAK cult ...

Void

Dnssuc