[dns-operations] Hall of DNS Shame (?)

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Jan 24 18:21:26 UTC 2017


> On Jan 24, 2017, at 12:52 PM, Robert Edmonds <edmonds at mycre.ws> wrote:
> 
>> I can contribute a bunch of DNS operators that botch authenticated
>> denial of existence in a variety of ways, some instead mangle SOA
>> record signatures, and some others drop requests for TLSA records.
> 
> I think these kinds of errors are in another category, and there are
> already some pretty good tools for dealing with them like DNSViz.
> Sending the wrong data correctly encoded is different from incorrectly
> encoding the data.

Yes, DNSViz provides useful tooling to document the issue when corresponding
with the operators in question; however, it applies no public pressure to
address the issue in a timely manner.

I don't see why a list of poor DNS implementations should be limited to
malformed packets and exclude well-formed bad data.

While I've had luck working directly with some providers (with 
Transip, Forpsi, Binero, Neustar and a few others addressing reported
issues), some other providers ignored problem reports until the issue
was raised in a public forum.

-- 
	Viktor.



