[dns-operations] DNS Violations (Was: Hall of DNS Shame (?))

Ondřej Surý ondrej.sury at nic.cz
Mon Jan 30 12:49:09 UTC 2017


So, I have added dnstap for all DVEs submitted so far (as PRs).

I still have no idea how that could be used for automated testing unless we start editing those dnstap files to have a "correct" response from those servers. But any ideas are welcome.

Cheers,
Ondrej

--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury at nic.cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "Ondřej Surý" <ondrej.sury at nic.cz>
> To: "jv" <jv at fcelda.cz>
> Cc: "dns-operations" <dns-operations at dns-oarc.net>
> Sent: Monday, 30 January, 2017 12:28:31
> Subject: Re: [dns-operations] DNS Violations (Was: Hall of DNS Shame (?))

> Jan,
> 
> you are most welcome to propose a format that could be used
> for automated testing.  The primary purpose is to store
> a collective knowledge of various DNS Violations.  The "DNS
> Shaming" part comes as a part of it, as I don't think it
> serves any purpose to anonymize the issues.  These are violations
> observed in the wild and there's nothing private there and
> all DNS messages collected can be seen on the wire by any
> party (with normal internet access).
> 
> I would also like to note that I see a great value in a textual
> description of the cases, as these might serve as clarifications
> or just pointers to relevant RFCs.  The language of the DVEs
> should be neutral and anybody is welcome to file an issue or PR
> to fix the language if there's too much emotional baggage attached.
> 
> Also it's usually easier to construct a test case from a textual
> description than from a raw packet capture (without any description).
> So both combined (textual + dnstap) might work the best.
> 
> Cheers,
> --
> Ondřej Surý -- Technical Fellow
> --------------------------------------------
> CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
> Milesovska 5, 130 00 Praha 3, Czech Republic
> mailto:ondrej.sury at nic.cz    https://nic.cz/
> --------------------------------------------
> 
> ----- Original Message -----
>> From: "jv" <jv at fcelda.cz>
>> To: "dns-operations" <dns-operations at dns-oarc.net>
>> Sent: Monday, 30 January, 2017 10:43:37
>> Subject: Re: [dns-operations] DNS Violations (Was: Hall of DNS Shame (?))
> 
>> On Fri, Jan 27, 2017 at 12:44 AM, Viktor Dukhovni wrote:
>>> Is the primary purpose indeed (automated) "testing"?  I thought it was
>>> publicizing the issues in the hope that they would then be more likely
>>> to get fixed.  FWIW, the first pull request I've queued up is for
>>> long-standing issues.
>> 
>> I don't think publicising will help anything. If the DNS
>> operator/vendor was notified and didn't fix the problem yet, then it's
>> likely not a priority for them or there is something else preventing
>> application of the fix. And if we are expected to live with these
>> broken implementations then using the reports for automated testing
>> might be more constructive.
>> 
>> On Fri, Jan 27, 2017 at 8:27 AM, Jerry Lundström wrote:
>>> Absolutely valid points, would you consider making a pull request/issue
>>> for the format and perhaps participate as a maintainer of the list?
>> 
>> If the primary purpose is to publicise the issues, then sorry but no.
>> I don't want to participate on maintaining a shame list.
>> If the primary purpose is to build more resilient DNS clients, then I
>> might consider creating a PR adding .dnstap files for the current
>> reports.
>> 
>> Jan
>> 
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations