[dns-operations] DNS Violations (Was: Hall of DNS Shame (?))

Ondřej Surý ondrej.sury at nic.cz
Mon Jan 30 11:28:31 UTC 2017


Jan,

you are most welcome to propose a format that could be used
for automated testing.  The primary purpose is to store
a collective knowledge of various DNS Violations.  The "DNS
Shaming" part comes as a part of it, as I don't think it
serves any purpose to anonymize the issues.  These are violations
observed in the wild and there's nothing private there and
all DNS messages collected can be seen on the wire by any
party (with normal internet access).

I would also like to note that I see a great value in a textual
description of the cases, as these might serve as clarifications
or just pointers to relevant RFCs.  The language of the DVEs
should be neutral and anybody is welcome to file an issue or PR
to fix the language if there's too much emotional baggage attached.

Also it's usually easier to construct a test case from a textual
description than from a raw packet capture (without any description).
So both combined (textual + dnstap) might work the best.

Cheers,
--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury at nic.cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "jv" <jv at fcelda.cz>
> To: "dns-operations" <dns-operations at dns-oarc.net>
> Sent: Monday, 30 January, 2017 10:43:37
> Subject: Re: [dns-operations] DNS Violations (Was: Hall of DNS Shame (?))

> On Fri, Jan 27, 2017 at 12:44 AM, Viktor Dukhovni wrote:
>> Is the primary purpose indeed (automated) "testing"?  I thought it was
>> publicizing the issues in the hope that they would then be more likely
>> to get fixed.  FWIW, the first pull request I've queued up is for
>> long-standing issues.
> 
> I don't think publicising will help anything. If the DNS
> operator/vendor was notified and didn't fix the problem yet, then it's
> likely not a priority for them or there is something else preventing
> application of the fix. And if we are expected to live with these
> broken implementations then using the reports for automated testing
> might be more constructive.
> 
> On Fri, Jan 27, 2017 at 8:27 AM, Jerry Lundström wrote:
>> Absolutely valid points, would you consider making a pull request/issue
>> for the format and perhaps participate as a maintainer of the list?
> 
> If the primary purpose is to publicise the issues, then sorry but no.
> I don't want to participate in maintaining a shame list.
> If the primary purpose is to build more resilient DNS clients, then I
> might consider creating a PR adding .dnstap files for the current
> reports.
> 
> Jan
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



