You definitely forgot Merkel and Habeck.

Danke Merkel!!1!11!!

It's night. Somebody has to fill a form to approve night work first.

And then fax the form to the correct authority, so that the request is Official(tm).

Well at least that doesn't require functioning DNS. This time around, it in fact could not have been an email :)

In fact it could, you just would address the IP directly instead of a hostname.

I know that people are joking, but of course we also have (extra paid) on call shifts.

And send it by post for approval, which will take 5-30 business days.

Fax, actually! Will still take 5–30 business days for approval, for some reasons

Oh come on, that’s not true. You could also fax it. That might come with an additional processing fee though.

Dont be ridiculous, thats what FAX is for.

I many days would an email take?

To a .de domain?

Of course

Luckily it's not Sunday. Everyone would be out in the country hiking.

Or reading the latest prints about tax filings and how to conduct a compliance audit with pen and paper.

Or sweeping.

https://en.wikipedia.org/wiki/Kehrwoche

That's a sweeping generalization.

Or in Berghain

That's weird cause 8.8.8.8/1.1.1.1 will already answer with SERVFAIL right now, unless the domain is still in the cache.

Whole .de TLD seems to go offline right now due to dnssec or missing nic.de nameservers?

This works:

    $ unbound-host -t A www.denic.de
    www.denic.de has address 81.91.170.12

This does not:

    $ unbound-host -D -t A www.denic.de
    www.denic.de has address 81.91.170.12
    validation failure <www.denic.de. A IN>: signature crypto failed from 194.246.96.1 for DS denic.de. while building chain of trust

So it does seem DNSSEC-related.

EDIT My explanation was wrong, this is not how keytags work. The published keytag data is consistent:

    de. 3600 IN DNSKEY 256 3 8 AwEAAfRLmzuIXVf7x5A0+U7hke0dS+GEJG0EdPhnOthCCLhy0t0WqLyoXJOhnfsTJ8vQX5fd9qOJc9gyr3SWJZkXAhPm3yPSC7FWWHF70WZTKKM9CekmKdqwMwq6ZCjMSUcecCuSF4Sbt1MRszV7rFmfGVklA1l5UzNbqwD+Dr5vfcLn ;{id = 33834 (zsk), size = 1024b}
    de. 3600 IN DNSKEY 257 3 8 AwEAAbWUSd/QN9Ae543xzdiacY6qbjwtZ21QfmdgxRdm4Z7bjjHWy249uqxCyjjjoS4LDoRDKmj7ElffMKvTWKE1qFKu0p8TUy4wyhX0M+m5FUjvQ3CiZMi+qY7GSHA5B+Zd73cidmnTeb3e8lso6jEsXg05/VZ2AyAqWF6FexEIFxIqiwwLk4UP0BwZ17Ur3q1qx9VSbPMyHgQ9d6nHUN1EEJsTDA2v0vKumsUyp74ZanRZ/bB/6IzpaaZyr5BLF5pSCNdbRNjVmkwYD0993vm79LueyOeibsoHRc16jhALrIJou1PFjdq7YQsYN0KtqRiJtaAfPprDBREpeamPuW/MnW0= ;{id = 26755 (ksk), size = 2048b}
    de. 3600 IN DNSKEY 256 3 8 AwEAAbTe1PJi8EgIudNGb+KRTxBL2aCu5rXkZ+aIe/TC88pwRdrXYeXODp1ihZWFop5CrbWRBLrk/YUPBE8aBc6oJP+58dSkdMLYkjSkmvdvYx+zXnRLWlF2bapxvZxshATJDfGjGbCiWxKEOoyRx3UhICtHC+cUSddsEvzfacUcBb6n ;{id = 32911 (zsk), size = 1024b}
    de. 3600 IN RRSIG DNSKEY 8 1 3600 20260519030655 20260505013655 26755 de. ke56T5GZt/X6zMBAF+ouyCTnAd7RY7MsnDcfa9jyyOwSouRXhvzim/V13JDTMBAnpAHxWQXoruXrAZ6A6re5N+8Pp2utVkAEKTWs0r4UOLNKoZ2+zMwNplKjNNnY5PJIbHfa5myyziLiIsi//qDIgQEACFk+pZcHXrRdqRoXPCL3UtfaXjk3+duDQdlPnYsJys5UshjVpkALSMChW7J0anzr0sG+f9ytstBneymMwFYOUC3NqbejbLPZsXGPZBQKPAoVJuV5q3znopbcqrDFfjI7bmX3QPYNvOaiT1ElBfi2piJVpDzMaMAmm2jCmvrf5VeTOBccMroh8sBtDPsaEg== ;{id = 26755}

The signature on the SOA record still does not verify:

    de. 86400 IN SOA f.nic.de. dns-operations.denic.de. 1778014672 7200 7200 3600000 7200
    de. 86400 IN RRSIG SOA 8 1 86400 20260519205754 20260505192754 33834 de. aZoiAJ+PaHUDVSHNXfV/R26ZK3GpFB7ek2Z46VnZdmPEDaTww+a7PkiQ98W83xohUunXYSvQCMeGYfUre5UT76eBKThdxW2a6ImX9/x/oEzQ9x/69Y/NSeTckOv9m3HCLBOug01op1koiHOIAVEvonOmXEHHqo1P4sR/fNbcVg4= ;{id = 33834}

not all: https://www.heise.de/ works

Doesn't work here, at least not anymore. Every single .de domain I have tried doesn't resolve.

Probably just a high TTL.

can confirm, at least another 54k seconds from where i sit

Thanks. I was about to ask that.

> Is the middleman's nationality that important

No, it's not. You're absolutely right on that.

It's just someone you don't know who actually runs it due to no proper imprint promoting their business over someone else who you also don't know who actually runs it. So you send all your valuable business data to unknown guy A instead of unknown guy B. Oh, and also, in both cases you couldn't even sign a proper data subprocessing agreement with both guys. You can't sign it with guy A, who doesn't care, and you also can't sign it with guy B who says he's from Europe, does not even bother to provide an address to prove that, and obviously does not understand the GDPR.

Net souvereignty gain is zero by switching the middle man. In fact I'd say using such a "European" router service is actually worse than making business directly with, let's say, AWS, OpenAI or Anthropic where you'd at least know where you're buying from.

Secret Piefke :-)

I've been called worse :)

Now this was an article where I didn't even need to read the article. The headline was all I needed to know it has all the same complaints I do.

Wanted to try a demo, but instead of downloading it time-limited or something, there's some kind of Web demo. But it's buggy in that it at least does not scroll the list at all when using the cursor keys instead of the mouse.

Bugs like these in the very thing which is supposed to convince me of buying do not exactly increase my trust :-)

I especially like that it's a single executable according to the docs.

Recently evaluated other testing tools/frameworks and if you're not already running the npm-dependencyhell-shitshow for your projects, most tools will pull in at least 100 dependencies.

I might be old fashioned but that's just too much for my taste. I love single-use tools with limited scope like e.g. esbuild or now this.

Will give this a try, soon.

Glad you noticed! I've been putting quite some energy into keeping things this way. VERY worth it, IMO.