[dns-operations] Some DNSSEC trivia

Mark Andrews Mark_Andrews at isc.org
Tue Jan 8 23:46:40 UTC 2008


> On Tue, 08 Jan 2008, Paul Vixie wrote:
> > i wish that every registry would do this.
> 
> Why?  What harm (aside from offending aesthetic sensibilities) are
> lame delegations causing?
> 
> Matt

	Well, some of the lame delegations result in cache poisoning
	attempts.  There are old caches that do accept and cache
	"COM NS random.host" from the authority section.

	There are lots of other conditions that should be checked for.

		Non RFC 1034 compliant servers.

	* respond correctly to SOA queries.
	* respond correctly to AAAA queries.
	* respond correctly to multiple EDNS queries.
	
		Idiots with firewalls.

	* respond to queries from port 53.
	* respond to queries from well-known UDP malware source ports.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
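
The message above notes that old caches accept "COM NS random.host" from the authority section. As an added example that is not part of the original message, this is a simplified sketch of the bailiwick check a resolver applies so that such a record is dropped instead of cached; the function names and sample records are constructed for illustration, and real resolvers apply further credibility rules on top of it.

```python
# Added example: bailiwick filtering of authority-section records.
# Function names and sample data are hypothetical, constructed for illustration.

def normalize(name):
    """Lower-case a domain name and return its labels; the root is []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner is at or below zone, compared label by label.

    A plain string suffix test is not enough: "notexample.com" ends with
    "example.com" as a string but is not inside that zone.
    """
    o, z = normalize(owner), normalize(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_authority(queried_zone, authority):
    """Split authority-section records into (accepted, rejected).

    queried_zone: the zone whose delegation the resolver followed to
                  reach the responding server.
    authority:    list of (owner, rtype, rdata) tuples from the response.
    """
    accepted, rejected = [], []
    for record in authority:
        owner = record[0]
        if in_bailiwick(owner, queried_zone):
            accepted.append(record)
        else:
            rejected.append(record)
    return accepted, rejected

# Constructed response: a server reached through the example.com
# delegation also returns an NS record for COM in its authority section.
SAMPLE_AUTHORITY = [
    ("example.com.", "NS", "ns1.example.com."),
    ("COM.", "NS", "random.host."),
    ("notexample.com.", "NS", "ns.notexample.com."),
]

if __name__ == "__main__":
    ok, dropped = filter_authority("example.com.", SAMPLE_AUTHORITY)
    for rec in ok:
        print("cache  ", rec)
    for rec in dropped:
        print("discard", rec)
```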


