More security for root DNS servers
From today (Wednesday) at 5pm CET, the K DNS root server operated by the European RIPE internet registry will provide a DNS zone signed with the DNSSEC security protocol. Two hours earlier, the D-Root server operated by the University of Maryland will start returning signed responses. The E-Root server operated by NASA is scheduled to follow in the early evening.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump