[dns-operations] Hall of DNS Shame (?)

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Jan 24 14:21:35 UTC 2017

On Tue, Jan 24, 2017 at 02:46:37PM +0100, Ondřej Surý wrote:

> I've been thinking lately (after seeing all the DNS protocol violations)
> that a collaborative list of all DNS protocol violations in the wild
> might be beneficial to both DNS implementors and also to increase a
> pressure on those operators to fix their issues.
> Perhaps we can have such list at some neutral place like DNS-OARC?
> Unfortunately I have a plenty of material I can contribute as of this
> moment.
> My favorite one is log.kmplayer.com that just appends some extra \0
> bytes after the last RRSet in the answer.  (Probably allocating a
> fixed sized buffer and sending it whole instead of just the part
> that was filled?)

I can contribue a bunch of DNS operators that botch authenticated
denial of existence in a variety of ways, some instead mangle SOA
record signatures, and some others drop requests for TLSA records.


More information about the dns-operations mailing list