[dns-operations] Hall of DNS Shame (?)
Mark Andrews
marka at isc.org
Tue Jan 24 23:02:16 UTC 2017
Can DNSVis please send queries with DNS COOKIES enabled?
That way all the servers that mishandle such queries will get
flagged as being broken.
Mark
In message <474C5A7B-BDDD-49F6-9AD5-7A391D54400C at deccio.net>, Casey Deccio writes:
>
> > On Jan 24, 2017, at 10:52 AM, Robert Edmonds <edmonds at mycre.ws> wrote:
> >
> > Viktor Dukhovni wrote:
> >> I can contribue a bunch of DNS operators that botch authenticated
> >> denial of existence in a variety of ways, some instead mangle SOA
> >> record signatures, and some others drop requests for TLSA records.
> >
> > I think these kinds of errors are in another category, and there are
> > already some pretty good tools for dealing with them like DNSViz.
> > Sending the wrong data correctly encoded is different from incorrectly
> > encoding the data.
>
> For what it's worth, the errors that DNSViz checks for (in correctly encoded messages) are categorized here:
>
> https://github.com/dnsviz/dnsviz/blob/master/dnsviz/analysis/errors.py
>
> But it currently relies on dnspython's Message.from_wire() to decode wire messages, so it only gets an Exception when the m
> essage is malformed.
>
> > BTW, there is a tool written by James Raftery called dnsrend
> > (http://romana.now.ie/dnsrend/) that disassembles DNS messages (even
> > severely broken messages) with copious verbosity, and is very nice for
> > debugging errors in the DNS message layer.
>
> Very cool!
>
> Casey
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list