Den 08-12-2021 kl. 15:32 skrev Niels Bakker:
* darkde...@darkdevil.dk (Arne Jensen) [Wed 08 Dec 2021, 15:23 CET]:
To me, that part of it also points towards a broken implementation at
CloudFlare, letting a bogus (insecure) responses take effect anyway.
Or they prefer allowing people to visit websites over punishing system
administrators for operational failures that less secure (read:
nonvalidating) ISPs wouldn't inflict on their customers.
I find it hard to believe that CloudFlare would do such though, however,
while such kind of things could indeed be the cause, I'm personally
going towards "Rather safe, than sorry".
It's been quite common for DNSSEC-enabled recursors to add overrides
for outaged domains in situations like this.
Unfortunately, yes, overrides are too common for many different things.
Time for them (the overrides) to die completely.
It looks like the error has been mitigated, by the way, so this manual
override may not even have happened.
+1.
--
Med venlig hilsen / Kind regards,
Arne Jensen