[dns-operations] Hall of DNS Shame (?)

Ondřej Surý ondrej.sury at nic.cz
Tue Jan 24 13:46:37 UTC 2017


I've been thinking lately (after seeing all the DNS protocol violations)
that a collaborative list of all DNS protocol violations in the wild
might be beneficial to both DNS implementors and also to increase a
pressure on those operators to fix their issues.

Perhaps we can have such list at some neutral place like DNS-OARC?

Unfortunately I have a plenty of material I can contribute as of this

My favorite one is log.kmplayer.com that just appends some extra \0
bytes after the last RRSet in the answer.  (Probably allocating a
fixed sized buffer and sending it whole instead of just the part
that was filled?)

 Ondřej Surý -- Technical Fellow
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury at nic.cz    https://nic.cz/

----- Original Message -----
> From: "Theodore Baschak" <theodore at ciscodude.net>
> To: "dns-operations" <dns-operations at dns-oarc.net>
> Sent: Wednesday, 18 January, 2017 07:16:19
> Subject: Re: [dns-operations] Know anybody at McAfee/Intel Cloud DNS team?

> On Tue, Jan 17, 2017 at 9:13 PM, David < [ mailto:opendak at shaw.ca |
> opendak at shaw.ca ] > wrote:
> SonicWALL ( [ http://webcfs00.com/ | webcfs00.com ] ) is pretty bad at this too.
> Their "noise" account for about 10-15% of our servfail producing queries.
> Similarly, I've seen WISPs block fortigate FWs for their "abuse of port 53" as
> well.

More information about the dns-operations mailing list