[dns-operations] It looks like .BIZ has started blocking EDNS(1) and unknown EDNS flags over IPv4.
Mark Andrews
marka at isc.org
Thu Sep 29 00:52:14 UTC 2016
In message <D411AED1.123B13%gustavo.lozano at icann.org>, Gustavo Lozano writes:
> Mark,
>
>
> I performed tests in the past 48 hours, and I have
> not been able to replicate your results. Probably, I performed my tests
> after
> the issue was resolved, or the issue was present in a subset of node(s) of
> an
> anycast cloud and we are reaching different servers.
>
>
> Are you running your tests from different points on the Internet?
> Would it be possible to add the NSID(s), if available, to your report?
>
>
> Thank you,
> Gustavo
> ICANN
.BIZ fixed it within hours of reporting the issue.
It's currently clean. https://ednscomp.isc.org/ednscomp/cf1bf4f539
https://ednscomp.isc.org/ednscomp is available for testing any
zone's servers for EDNS compliance.
Yesterday's EDNS Compliance report for TLD's can be found at
https://ednscomp.isc.org/compliance/tld-report.html
Timeouts need careful analysis.
e.g.
e.dns.kr is non compliant
?.zdnscloud.com seem to be overloaded
dns?.kw are non compliant
.mil's servers are non compliant
ns?.kptc.kp are non compliant
dns1.gov.ps is non compliant
Mark
> On 9/25/16, 20:56, "dns-operations on behalf of Mark Andrews"
> <dns-operations-bounces at dns-oarc.net on behalf of marka at isc.org> wrote:
>
> >
> >Did someone decide to upgrade a firewall?
> >
> >reports/tld.2016-09-24T00:00:00Z:biz. @156.154.124.65 (a.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @2001:502:ad09::30 (a.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @156.154.125.65 (b.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @156.154.127.65 (c.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @156.154.126.65 (e.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @2001:500:3682::12 (f.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @209.173.58.66 (f.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @156.154.128.65 (k.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-24T00:00:00Z:biz. @2001:503:e239::3:2 (k.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @156.154.124.65 (a.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @2001:502:ad09::30 (a.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @156.154.125.65 (b.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @156.154.127.65 (c.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @156.154.126.65 (e.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @2001:500:3682::12 (f.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @209.173.58.66 (f.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @156.154.128.65 (k.gtld.biz.):
> >dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout
> >do=ok ednsflags=timeout optlist=ok signed=ok,yes ednstcp=ok
> >reports/tld.2016-09-25T00:00:00Z:biz. @2001:503:e239::3:2 (k.gtld.biz.):
> >dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=ok edns1opt=ok do=ok
> >ednsflags=ok optlist=ok signed=ok,yes ednstcp=ok
> >
> >--
> >Mark Andrews, ISC
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> >_______________________________________________
> >dns-operations mailing list
> >dns-operations at lists.dns-oarc.net
> >https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> >dns-operations mailing list
> >https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> >
>
> --B_3557928735_10529790
> Content-Type: application/pkcs7-signature; name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7s"
>
> MIISWQYJKoZIhvcNAQcCoIISSjCCEkYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
> ECUwggWVMIIEfaADAgECAhAMQUh3JZMnZ//DACJVuxbiMA0GCSqGSIb3DQEBBQUAMGIxCzAJ
> BgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy
> dC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IEFzc3VyZWQgSUQgQ0EtMTAeFw0xNjA2MDIwMDAw
> MDBaFw0xOTA2MDExMjAwMDBaMIHDMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
> YTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxPDA6BgNVBAoTM0ludGVybmV0IENvcnBvcmF0aW9u
> IGZvciBBc3NpZ25lZCBOYW1lcyBhbmQgTnVtYmVyczEiMCAGA1UEAxMZR3VzdGF2byBMb3ph
> bm8gMjAxNi0wNi0wMTEnMCUGCSqGSIb3DQEJARYYZ3VzdGF2by5sb3phbm9AaWNhbm4ub3Jn
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK5IQLt9Eu9j5MXWNvqktU+qCadx
> nQO8Dj2unPn0EJ+fil/DY5EMyc2Lj8EIfyTs8qGTGtrzw3uUNnfWv/VGLEDemorcy9CgVUi9
> 4L+pV0KRCSQFM4SYfZWxRWOABiANfE5CPvGDC5EvUbXxRkoVvCH0sGpRuKu4aqtwGJBdyRW5
> 0xo20vFsmy4Jm90rxHd1sd1cAfz5ffQjd/FD0z1/3cFyVHEAdwx/YdJrB56mpXSqOJsqqdYP
> 1/KpbODyNMh47KvPBq5NLZhclLIeVwureSoUFhhD9+UWORhLlRPTdGMFcyRuSbKdXbJR6K7a
> TZ4WqnH5QFbnKdNZN/83qw2JawIDAQABo4IB4zCCAd8wHwYDVR0jBBgwFoAUFQASKxOYspkH
> 7R7for5XDStnAs0wHQYDVR0OBBYEFA2vYZIJHy5dHhAIrqN1nexvkI8cMAwGA1UdEwEB/wQC
> MAAwIwYDVR0RBBwwGoEYZ3VzdGF2by5sb3phbm9AaWNhbm4ub3JnMA4GA1UdDwEB/wQEAwIF
> oDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwQwYDVR0gBDwwOjA4BgpghkgBhv1s
> BAECMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfQYDVR0f
> BHYwdDA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElE
> Q0EtMS5jcmwwOKA2oDSGMmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
> ZWRJRENBLTEuY3JsMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au
> ZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
> RGlnaUNlcnRBc3N1cmVkSURDQS0xLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAqAgI8bC8qDYg
> RiYEsrvV+w+EnGNnPVCor19+OLF9V5m5jkktGhjm4UuyCrMkGS2W+wXkCrtE41p7s4rByoEP
> mr6WfcigJR917uFSCT7tnPtnfmnIsPsBICjZJfvQPJ43OKJ22eZM/Wi3Hcknup+ZD17FJskO
> xD0Tycrh/yq+oa4cPeiWkQlM0y0gqTCyidNAIT6OrApqKJ3ldKYTFmAesVnfyYKOkjAUurUB
> YyrpRmgZ26etSoen93OqaDlFd7xgtPoBso50ZnCp5aMLckWeKKGPA4ADJtiMIL9JTtLXJMQ6
> LIpO66GOlzvSxJ3M+rgq50OTN5KYkMJwzh/SHGNWRjCCBs0wggW1oAMCAQICEAb9+QOWA63q
> AArrPye7uhswDQYJKoZIhvcNAQEFBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lD
> ZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQg
> QXNzdXJlZCBJRCBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTIxMTExMDAwMDAwMFowYjEL
> MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj
> ZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xMIIBIjANBgkqhkiG
> 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IItmfnKwkKVpYBzQHDSnlZUXKnE0kEGj8kz/E1FkVyB
> n+0snPgWWd+etSQVwpi5tHdJ3InECtqvy15r7a2wcTHrzzpADEZNk+yLejYIA6sMNP4YSYL+
> x8cxSIB8HqIPkg5QycaH6zY/2DDD/6b3+6LNb3Mj/qxWBZDwMiEWicZwiPkFl32jx0PdAug7
> Pe2xQaPtP77blUjE7h6z8rwMK5nQxl0SQoHhg26Ccz8mSxSQrllmCsSNvtLOBq6thG9IhJtP
> QLnxTPKvmPv2zkBdXPao8S+v7Iki8msYZbHBc63X8djPHgp0XEK4aH631XcKJ1Z8D2KkPzIU
> YJX9BwSiCQIDAQABo4IDejCCA3YwDgYDVR0PAQH/BAQDAgGGMDsGA1UdJQQ0MDIGCCsGAQUF
> BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDCCAdIGA1UdIASC
> AckwggHFMIIBtAYKYIZIAYb9bAABBDCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGln
> aWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFS
> AEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABl
> ACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAg
> AHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABl
> ACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBo
> AGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBl
> ACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBm
> AGUAcgBlAG4AYwBlAC4wCwYJYIZIAYb9bAMVMBIGA1UdEwEB/wQIMAYBAf8CAQAweQYIKwYB
> BQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYB
> BQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJv
> b3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E
> aWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0
> LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwHQYDVR0OBBYEFBUAEisTmLKZB+0e
> 36K+Vw0rZwLNMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEB
> BQUAA4IBAQBGUD7Jtygkpzgdtlspr1LPUukxR6tWXHvVDQtBs+/sdR90OPKyXGGinJXDUOSC
> uSPRujqGcq04eKx1XRcXNHJHhZRW0eu7NoR3zCSl8wQZVann4+erYs37iy2QwsDStZS9Xk+x
> BdIOPRqpFFumhjFiqKgz5Js5p8T1zh14dpQlc+Qqq8+cdkvtX8JLFuRLcEwAiR78xXm8TBJX
> /l/hHrwCXaj++wc4Tw3GXZG5D2dFzdaD7eeSDY2xaYxP+1ngIw/Sqq4AfO6cQg7Pkdcntxbu
> D8O9fAqg7iwIVYUiuOsYGk38KiGtSTGDR5V3cdyxG0tLHBCcdxTBnU8vWpUIKRAmMIIDtzCC
> Ap+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJV
> UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
> IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcN
> MzExMTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
> FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElE
> IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg
> +XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
> mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ
> 2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwx
> mDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0
> kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAP
> BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSME
> GDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONy
> c3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmr
> EthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
> NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPxH2sMNgcW
> fzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe+o0bJW1sj6W3YQGx
> 0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8jGCAfwwggH4AgEBMHYwYjELMAkGA1UE
> BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNv
> bTEhMB8GA1UEAxMYRGlnaUNlcnQgQXNzdXJlZCBJRCBDQS0xAhAMQUh3JZMnZ//DACJVuxbi
> MAkGBSsOAwIaBQCgXTAjBgkqhkiG9w0BCQQxFgQUUa8DDuBop5lxUX7fA5i7ZuBIfn8wGAYJ
> KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwOTI5MDAzMjE1WjAN
> BgkqhkiG9w0BAQEFAASCAQCmmSqGaEFaNLPll1GRSRayFZJt8zYaazNB6tO20wJRytL9wdvC
> K3xh3jeEUwDp3+dyMXLyFizdDmSjzwZhQJkYh9OOIZFTeTv/PrjjrOSSp4RHlKgQCIAdCf2B
> b44QlAdqBmDLSJbRZ1dOOWP5UL22Zxs5FRIKSN6bvtw4FRVN9mKB2U9VQx3ce3qTmzljamwc
> GGT0wdC6luNkLXYJdyCAdCmy6efTZs3CPcGhDW+j7Xbz9yXCbrAITNFJGV4/WKRBzmNiJj0e
> CvzopGEuKOf6SZg3ES8ie69EzlHqpCLknrxE0Kvb6MTokTq4esFs6cSFWKsplt6k5WIkjD58
> kqJw
>
> --B_3557928735_10529790--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list