[dns-operations] Hall of DNS Shame (?)
Casey Deccio
casey at deccio.net
Tue Jan 24 22:42:45 UTC 2017
> On Jan 24, 2017, at 10:52 AM, Robert Edmonds <edmonds at mycre.ws> wrote:
>
> Viktor Dukhovni wrote:
>> I can contribute a bunch of DNS operators that botch authenticated
>> denial of existence in a variety of ways, some instead mangle SOA
>> record signatures, and some others drop requests for TLSA records.
>
> I think these kinds of errors are in another category, and there are
> already some pretty good tools for dealing with them like DNSViz.
> Sending the wrong data correctly encoded is different from incorrectly
> encoding the data.

For what it's worth, the errors that DNSViz checks for (in correctly encoded messages) are categorized here:

https://github.com/dnsviz/dnsviz/blob/master/dnsviz/analysis/errors.py

But it currently relies on dnspython's Message.from_wire() to decode wire messages, so it only gets an Exception when the message is malformed.

> BTW, there is a tool written by James Raftery called dnsrend
> (http://romana.now.ie/dnsrend/) that disassembles DNS messages (even
> severely broken messages) with copious verbosity, and is very nice for
> debugging errors in the DNS message layer.

Very cool!

Casey
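
The message-layer side of the distinction discussed above, as an added example that is not part of the original message and is not DNSViz, dnspython or dnsrend code: a standard-library walk of a DNS message that names the encoding defect and its offset instead of surfacing one opaque decode exception. The function names and the sample messages are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Walk one (possibly compressed) name; return the offset just past it."""
    seen, end = set(), None
    while True:
        if off + 1 >= len(msg):  # a name is always followed by more bytes
            raise ValueError(f"name truncated at offset {off}")
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer (RFC 1035, section 4.1.4)
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            if ptr in seen:
                raise ValueError(f"compression pointer loop via offset {ptr}")
            seen.add(ptr)
            end = off + 2 if end is None else end
            off = ptr
        elif n & 0xC0:
            raise ValueError(f"reserved label type 0x{n:02x} at offset {off}")
        elif n == 0:
            return off + 1 if end is None else end
        else:
            off += 1 + n

def check_message(msg):
    """Return the first message-layer defect as a string, or None if none found."""
    if len(msg) < 12:
        return f"header truncated: {len(msg)} of 12 bytes"
    (qd, an, ns, ar), off = struct.unpack("!4H", msg[4:12]), 12
    try:
        for section, count, fixed in (("question", qd, 4), ("answer", an, 10),
                                      ("authority", ns, 10), ("additional", ar, 10)):
            for i in range(count):
                off = skip_name(msg, off) + fixed  # name, then fixed-size fields
                if off > len(msg):
                    raise ValueError(f"{section} {i}: fixed fields truncated")
                if fixed == 10:  # resource record: last fixed field is RDLENGTH
                    off += struct.unpack("!H", msg[off - 2:off])[0]
                    if off > len(msg):
                        raise ValueError(f"{section} {i}: RDATA overruns message by {off - len(msg)} bytes")
    except ValueError as e:
        return str(e)
    return f"{len(msg) - off} trailing bytes after the last record" if off < len(msg) else None

# Constructed samples: an example.com A response, and one whose answer name points at itself.
HDR = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
RR_TAIL = struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
GOOD = HDR + QUESTION + b"\xc0\x0c" + RR_TAIL
LOOP = HDR + QUESTION + b"\xc0\x1d" + RR_TAIL
```

A result of `None` only means the framing is sound; whether the records inside are the right data is the separate, DNSViz-style class of check.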