[dns-operations] Hall of DNS Shame (?)
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Jan 24 14:21:35 UTC 2017
On Tue, Jan 24, 2017 at 02:46:37PM +0100, Ondřej Surý wrote:
> I've been thinking lately (after seeing all the DNS protocol violations)
> that a collaborative list of all DNS protocol violations in the wild
> might be beneficial to both DNS implementors and also to increase
> pressure on those operators to fix their issues.
>
> Perhaps we can have such a list at some neutral place like DNS-OARC?
>
> Unfortunately I have plenty of material I can contribute as of this
> moment.
>
> My favorite one is log.kmplayer.com that just appends some extra \0
> bytes after the last RRSet in the answer. (Probably allocating a
> fixed sized buffer and sending it whole instead of just the part
> that was filled?)
I can contribute a bunch of DNS operators that botch authenticated
denial of existence in a variety of ways, some instead mangle SOA
record signatures, and some others drop requests for TLSA records.
--
Viktor.