[dns-operations] isphuset.no/fsdata.se DNSSEC breakage
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Sep 5 18:50:25 UTC 2016
> On Sep 5, 2016, at 1:09 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>
> So, to be clear,
>
> On Mon, Sep 05, 2016 at 12:32:04PM +1000, Mark Andrews wrote:
>>
>> After another week or so request that .NO remove the delegations,
>> if it is still not fixed.
> […]
>> There has to be a penalty for continuing to use nameservers that
>> cause operational problems.
>
> your recommendation for fixing the thing that causes some operational
> problems is to make sure that the domain is broken for every possible
> operational case. Right?
One way or another, perhaps with the aid of a not too subtle threat,
or just "public shaming", the issue seems to be getting some new
attention. I for one was not about to immediately launch the
missiles, without giving the various parties another chance to
resolve the issue in a reasonably timely manner.
In my original post I said:
> The 391 (that I've been able to find) problem domains are below my
> signature. The provider (swebby.se) with the next largest block
> of problem domans has only ~35 domains to remediate.
Interestingly enough, the swebby.se issue had been fixed quite
recently (perhaps just before my post), so that now the next
largest batch of problem domains are with:
33 infracom.nl
29 axc.nl
The infracom nameservers seem to have quite some trouble with
wildcard CNAMEs, e.g.:
http://dnsviz.net/d/_25._tcp.acemarketing.nl/dnssec/
but also some more exotic problems:
http://dnsviz.net/d/_25._tcp.benesdelfzijl.com/dnssec/
While axc.nl has been a black hole for problem reports for over
a year and seems to be returning NODATA along with NXDOMAIN proofs:
http://dnsviz.net/d/_25._tcp.atie.be/dnssec/
http://dnsviz.net/d/_25._tcp.ation.be/dnssec/
...
--
Viktor.
More information about the dns-operations
mailing list