Hacker News new | ask | show | jobs
by HeapsGood 107 days ago
But your ‘lookups’ count doesn’t factor-in nested lookups incurred by ‘include’ directives. Isn’t that the whole point of this? And your ‘security grade’ seems to be incongruous with the look-up count.

And could you detail your use of LLMs in this? It’s straightforward DNS queries, right?

I don’t see options for the ‘safety toggles’ you mentioned.
1 comments
bwoud 107 days ago
"Thanks for the roast – this is exactly the feedback I needed.

Nested Lookups: You are 100% right. The current UI counter is 'naive' (it just regexes the top-level record). The backend (when you click Fix) does the full recursive resolution to find the hidden depth. I will push a patch to make the frontend counter recursive so it matches the actual problem.

Why LLM: I use standard Node dns libraries for the actual resolution (obviously). The LLM is used as a 'fuzzy parser' to re-assemble the broken pieces and generate the explanation text/diffs. It handles syntax errors in the original record gracefully where my strict regex parsers were failing.

Safety Toggles: They currently only appear after you click the 'Fix It' button (in the result modal). That’s a UX fail on my part—I'll move them to the main view so they are visible upfront.

Appreciate you digging in.

link
HeapsGood 107 days ago
Good luck with your updates.

It’d be nice to be able to click on subordinate nodes in the visualization and drill-down into that domain.

Also, be cautious with calling ‘soft fail’ as “safe” and ‘hard fail’ as “secure”. Hard fail is often not the recommended configuration these days, as DKIM can been more appropriate and you may be missing invalidation metrics in DMARC reports due to SMTP connections bailing-out early. Check out M3AAWG guidance.

link
bwoud 107 days ago
Thanks for the M3AAWG reference—that is a great catch.

You are spot on regarding the DMARC interaction. I used 'Safe/Secure' as simplified shorthand for the UI, but you're right that -all can sometimes pre-emptively kill connections before DMARC/DKIM evaluation, causing a loss of reporting data.

I will update the UI labels to be more technical ('SoftFail' / 'HardFail') rather than editorializing them as 'Safe/Secure' to avoid misleading users.

Love the idea of clickable nodes for the visualization drill-down. Adding that to the roadmap for the next sprint.

link