[dns-operations] Hall of DNS Shame (?)

Mark Andrews marka at isc.org
Tue Jan 24 20:03:56 UTC 2017


In message <fa18c7ac-cd23-c760-4a04-9d080f1259e6 at switch.ch>, Daniel Stirnimann writes:
> > I've been thinking lately (after seeing all the DNS protocol violations)
> > that a collaborative list of all DNS protocol violations in the wild
> > might be beneficial to both DNS implementors and also to increase a
> > pressure on those operators to fix their issues.
> > 
> > Perhaps we can have such list at some neutral place like DNS-OARC?
> 
> Apart from a list, we need a testing tool and a reference to an RFC
> which tells how to fix it.
> 
> I actually quite like the EDNS compliance test from isc.org. It does not
> cover other DNS protocol violations but it's a start. It would need to
> be extended with a public archive of failed tests and then maybe a short
> list of failed domains listed in Alexa/OpenDNS.

The tool that tests for EDNS compliance can also test for all of
the issues raised in draft-ietf-dnsop-no-response-issue and then
some.  It can also test every non-meta query type.

https://ednscomp.isc.org/compliance/tld-fullreport.txt
https://ednscomp.isc.org/compliance/tld-typereport.txt
 
> btw: my current favorite is download.adobe.com which fails with DNS
> Cookies (https://ednscomp.isc.org/ednscomp/16a4edd864). No more Adobe
> downloads from the Swiss NREN resolvers!

We have told them multiple times how to fix this and they nearly
had it correct.  They were just missing the final period on the
CNAME record in the backing zone that catches the queries that
aren't answered by the loadbalancer's front end. They have regressed
back to not having the CNAME record.

Perhaps the SEC and other bodies should be testing for DNS compliance.
I'm sure Adobe's shareholders would like to know what Adobe is
getting wrong.

Mark

> Daniel
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
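
Added example, not part of the original message or of ISC's tooling: a small lint for the zone-file mistake described above, where a CNAME target written without its final period is treated as relative and has the zone origin appended (RFC 1035 master-file rules). The zone contents, the names `qualify` and `lint_cname_targets`, and the "contains a dot but no trailing dot" heuristic are assumptions made for illustration.

```python
# Added example: constructed zone data, not taken from any real zone.
SAMPLE_ZONE = """\
$ORIGIN backing.example.
$TTL 300
@      IN SOA   ns1.example. hostmaster.example. 1 3600 600 86400 300
*      IN CNAME www.example.net
ok     IN CNAME www.example.net.
local  IN CNAME www
"""


def qualify(name, origin):
    """RFC 1035 master-file rule: a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def lint_cname_targets(zone_text, origin="."):
    """Return (line number, target as written, name actually served) for each
    CNAME target that contains dots but lacks the final period (heuristic)."""
    findings = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = qualify(fields[1], origin)
            continue
        # Skip the owner name unless the line starts with whitespace (owner inherited).
        start = 0 if raw[:1].isspace() else 1
        types = [f.upper() for f in fields]
        if "CNAME" not in types[start:]:
            continue
        idx = types.index("CNAME", start)
        if idx + 1 >= len(fields):
            continue
        target = fields[idx + 1]
        if "." in target and not target.endswith("."):
            findings.append((lineno, target, qualify(target, origin)))
    return findings


if __name__ == "__main__":
    for lineno, written, served in lint_cname_targets(SAMPLE_ZONE):
        print(f"line {lineno}: CNAME target {written!r} is served as {served!r}")
```

Single-label targets such as `www` are deliberately not flagged, since relative names inside the zone are legitimate.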