[dns-operations] Hall of DNS Shame (?)

Ondřej Surý ondrej.sury at nic.cz
Tue Jan 24 16:38:28 UTC 2017


I'll kickoff something then as an example.


On 24 January 2017 16:49:16 Warren Kumari <warren at kumari.net> wrote:

> On Tue, Jan 24, 2017 at 8:46 AM, Ondřej Surý <ondrej.sury at nic.cz> wrote:
>> Hi,
>>
>> I've been thinking lately (after seeing all the DNS protocol violations)
>> that a collaborative list of all DNS protocol violations in the wild
>> might be beneficial to both DNS implementors and also to increase a
>> pressure on those operators to fix their issues.
>>
>> Perhaps we can have such list at some neutral place like DNS-OARC?
>
> This sounds like a grand idea.
> W
>
>>
>> Unfortunately I have a plenty of material I can contribute as of this
>> moment.
>>
>> My favorite one is log.kmplayer.com that just appends some extra \0
>> bytes after the last RRSet in the answer.  (Probably allocating a
>> fixed sized buffer and sending it whole instead of just the part
>> that was filled?)
>>
>> Cheers,
>> --
>>  Ondřej Surý -- Technical Fellow
>>  --------------------------------------------
>>  CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
>>  Milesovska 5, 130 00 Praha 3, Czech Republic
>>  mailto:ondrej.sury at nic.cz    https://nic.cz/
>>  --------------------------------------------
>>
>> ----- Original Message -----
>>> From: "Theodore Baschak" <theodore at ciscodude.net>
>>> To: "dns-operations" <dns-operations at dns-oarc.net>
>>> Sent: Wednesday, 18 January, 2017 07:16:19
>>> Subject: Re: [dns-operations] Know anybody at McAfee/Intel Cloud DNS team?
>>
>>> On Tue, Jan 17, 2017 at 9:13 PM, David < [ mailto:opendak at shaw.ca |
>>> opendak at shaw.ca ] > wrote:
>>>
>>>
>>>
>>> SonicWALL ( [ http://webcfs00.com/ | webcfs00.com ] ) is pretty bad at this 
>>> too.
>>> Their "noise" account for about 10-15% of our servfail producing queries.
>>>
>>> Similarly, I've seen WISPs block fortigate FWs for their "abuse of port 53" as
>>> well.
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf





More information about the dns-operations mailing list