Hacker News new | ask | show | jobs
by tptacek 982 days ago
unless not doing so would lead to significant harm to others

Ding ding ding.

At any rate: it's very funny that DNSSEC took 1.1.1.1 down, but this bug can't honestly be pinned on DNSSEC itself.
1 comments
dan15 982 days ago
In a way they're lucky DNSSEC took it down, otherwise they may have not noticed the issue of using stale data for much longer.
link
pornel 981 days ago
They have expired the data correctly, which uncovered a bug in fetching of a new DNSSEC record.

If the DNSSEC didn't add new unnecessary complexity to an otherwise working system, there would be no bug, and no stale data.

link