[dns-operations] Hall of DNS Shame (?)

Robert Edmonds edmonds at mycre.ws
Tue Jan 24 17:52:24 UTC 2017


Viktor Dukhovni wrote:
> I can contribute a bunch of DNS operators that botch authenticated
> denial of existence in a variety of ways, some instead mangle SOA
> record signatures, and some others drop requests for TLSA records.

I think these kinds of errors are in another category, and there are
already some pretty good tools for dealing with them like DNSViz.
Sending the wrong data correctly encoded is different from incorrectly
encoding the data.

BTW, there is a tool written by James Raftery called dnsrend
(http://romana.now.ie/dnsrend/) that disassembles DNS messages (even
severely broken messages) with copious verbosity, and is very nice for
debugging errors in the DNS message layer.

-- 
Robert Edmonds
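
Added example (not part of the original message, and not dnsrend's code): a minimal Python checker for the DNS message layer that reports only encoding faults, so a correctly encoded message carrying the wrong address passes while a lying RDLENGTH or a looping compression pointer is flagged. The function names and the sample messages are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Walk one (possibly compressed) name; return the offset just past it."""
    end, seen = None, set()
    while True:
        if off >= len(msg) or (msg[off] >= 0xC0 and off + 1 >= len(msg)):
            raise ValueError(f"name runs past end of message at offset {off}")
        n = msg[off]
        if n >= 0xC0:                             # compression pointer
            target = ((n & 0x3F) << 8) | msg[off + 1]
            end = off + 2 if end is None else end
            if target in seen or target >= len(msg):
                raise ValueError(f"bad compression pointer to {target}")
            seen.add(target)                      # seeing a target twice is a loop
            off = target
        elif n & 0xC0:
            raise ValueError(f"reserved label type 0x{n:02x} at offset {off}")
        elif n == 0:                              # root label ends the name
            return off + 1 if end is None else end
        else:
            off += n + 1                          # ordinary label: length + octets

def check_message(msg):
    """Return encoding faults only; [] does not mean the data is correct."""
    try:
        if len(msg) < 12:
            raise ValueError("shorter than the 12-octet header")
        counts, off = struct.unpack("!4H", msg[4:12]), 12
        for i in range(sum(counts)):              # questions first, then RRs
            off = read_name(msg, off) + (4 if i < counts[0] else 10)
            if off > len(msg):
                raise ValueError("fixed fields truncated")
            if i >= counts[0]:                    # an RR's last fixed field is RDLENGTH
                off += struct.unpack("!H", msg[off - 2:off])[0]
                if off > len(msg):
                    raise ValueError("RDLENGTH overruns message")
        return [] if off == len(msg) else [f"{len(msg) - off} trailing octets"]
    except ValueError as e:
        return [str(e)]

# Constructed sample messages: example.com A question plus one answer RR.
HDR_Q = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
def sample(name, rdlen, rdata):
    return HDR_Q + name + struct.pack("!2HIH", 1, 1, 60, rdlen) + rdata
GOOD = sample(b"\xc0\x0c", 4, bytes([192, 0, 2, 1]))
WRONG_DATA = sample(b"\xc0\x0c", 4, bytes([203, 0, 113, 9]))  # valid encoding
BAD_RDLEN = sample(b"\xc0\x0c", 16, bytes([192, 0, 2, 1]))    # RDLENGTH lies
LOOP = sample(b"\xc0\x1d", 4, bytes([192, 0, 2, 1]))          # pointer to itself
```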


