undefined | Better HN

0 pointsmedguru3y ago0 comments

CF's authorative servers ("hasslo" and "crystal") respond correctly when queried directly, but that doesn't really help the situation.

0 comments

phillipseamore3y ago

Then it sounds like you are caught in cache limbo. It might be prudent for CF to have their DNSSEC setup so that users can't disable it instantly (or enable again instantly) and have a minimum of 12/24/48h between changing DNSSEC state. I'd guess that by now most caching DNS resolvers might have different signatures (old registrar, first CF DNSSEC and second CF DNSSC).

j / k navigate · click thread line to collapse

0 pointsmedguru3y ago0 comments

CF's authorative servers ("hasslo" and "crystal") respond correctly when queried directly, but that doesn't really help the situation.

0 comments

phillipseamore3y ago

j / k navigate · click thread line to collapse