[dns-operations] Hall of DNS Shame (?)

Mark Andrews marka at isc.org
Mon Jan 30 19:44:48 UTC 2017


In message <1667669.eHVLj89g5Y at leap.local>, Paul Vixie writes:
>
> On Monday, January 30, 2017 2:00:03 PM PST Jerry Lundstrom wrote:
> ...
> > > I'm willing to donate my *lolz.one* to the project if there's an
> > > interest :-)
> >
> > I'm going to be a bit boring here and say that if/when we get a website
> > it will most likely be under dns-oarc.net .
>
> +1. i was hoping you'd say/do that.
>
> --
> P. Vixie

The first vendors that need to be contacted are firewall vendors.
They need to remove the idiotic packet dropping by default for:

* dropping requests with EDNS version != 0
* dropping requests with EDNS option being present
* dropping requests with EDNS NSID option being present
* dropping requests with an EDNS flag being set other than DO.
* dropping requests with AD=1
* dropping requests with DO=1 (nearly gone)
* dropping requests with the last MBZ bit set.

They need to issue CVEs for all code that has these properties.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
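
The request features listed in the message above, as an added example that is not part of the original post or of any ISC tool: a Python builder for queries carrying each feature and a classifier that labels which of them a captured query has, for checking what a firewall's default policy would be dropping. The name example.com, the message ID, option code 65001 (local/experimental range), EDNS flag 0x0080 and the reading of "the last MBZ bit" as header bit 0x0040 are assumptions.

```python
import struct

AD, MBZ = 0x0020, 0x0040       # DNS header bits; MBZ assumed to be the one remaining reserved (Z) bit
DO, NSID, OPT = 0x8000, 3, 41  # EDNS DO flag, NSID option code, OPT RR type

def build_query(name, hdr_flags=0x0100, edns_version=0, edns_flags=0, options=()):
    """Build an A query for `name` carrying one OPT record (constructed probe)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT: root name, TYPE, UDP size, ext-rcode, version, flags, RDLENGTH
    opt = b"\0" + struct.pack("!HHBBHH", OPT, 4096, 0, edns_version, edns_flags, len(rdata))
    return (struct.pack("!HHHHHH", 0x1234, hdr_flags, 1, 0, 0, 1)
            + qname + struct.pack("!HH", 1, 1) + opt + rdata)

def skip_name(pkt, off):
    """Step over an uncompressed name (assumption: queries do not compress)."""
    while pkt[off]:
        off += pkt[off] + 1
    return off + 1

def classify(pkt):
    """Return the set of listed features that this query carries."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", pkt)
    found = set()
    if flags & AD:
        found.add("AD=1")
    if flags & MBZ:
        found.add("MBZ bit set")
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _size, _xrcode, ver, eflags, rdlen = struct.unpack_from("!HHBBHH", pkt, off)
        off += 10
        if rtype == OPT:
            if ver != 0:
                found.add("EDNS version != 0")
            if eflags & DO:
                found.add("DO=1")
            if eflags & ~DO & 0xFFFF:
                found.add("EDNS flag other than DO")
            end, p = off + rdlen, off
            while p + 4 <= end:                # walk the option TLVs
                code, olen = struct.unpack_from("!HH", pkt, p)
                found.add("EDNS option")
                if code == NSID:
                    found.add("EDNS NSID option")
                p += 4 + olen
        off += rdlen
    return found
```

A plain EDNS(0) query with none of these features classifies as the empty set, which gives a baseline to compare against when one of the variants goes unanswered.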


