[dns-operations] Please issue CVEs for servers that BADVERS/FORMERR for Unknown EDNS options.

Pieter Lexis pieter.lexis at powerdns.com
Tue Feb 14 11:24:12 UTC 2017

Hi Mark,

On Tue, 14 Feb 2017 12:58:10 +1100
Mark Andrews <marka at isc.org> wrote:

> Servers with these behaviours are causing interop issues.

Mitre describes CVE's as "Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities"[1].
The desire to get these bad implementations off the internet, bad interop is not a security issue by itself and I don't believe CVE's will be issued for these issues.

The dns-violations initiative, combined with informing vendors, users and operators might be only way to do this.

Best regards,


1 - https://cve.mitre.org/about/

More information about the dns-operations mailing list