[dns-operations] Godaddy (domaincontrol.com) seemingly in no hurry to fix DVE-2017-0014?
Mark Andrews
marka at isc.org
Sat Mar 4 02:56:02 UTC 2017
In message <666C0CE1-27FE-48BA-9D46-B88D320075A7 at dukhovni.org>, Viktor Dukhovni
writes:
> The DVE entry link is:
>
> https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0014.
> md
>
> Sure looks like a misconfigured Arbor Networks firewall is filtering TLSA
> records over IPv4, but not IPv6. This breaks (some, from DANE-enabled sender
> s)
> email for uspta.org for example:
>
> http://dnsviz.net/d/_25._tcp.svr-zeta.uspta.org/dnssec/
>
> Anyone know who at Godaddy might prove responsive for issues with
> the pdns0[1278].domaincontrol.com nameservers?
And if anyone can get Godaddy to listen, EDNS support needs to be fixed.
They mishandle unknown EDNS flags.
They mishandle EDNS version != 0.
oursteps.com.au. @208.109.255.52 (pdns06.domaincontrol.com.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=mbz optlist=ok,nsid signed=ok ednstcp=ok
oursteps.com.au. @2607:f208:303::34 (pdns06.domaincontrol.com.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=mbz optlist=ok,nsid signed=ok ednstcp=ok
oursteps.com.au. @216.69.185.52 (pdns05.domaincontrol.com.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=mbz optlist=ok,nsid signed=ok ednstcp=ok
oursteps.com.au. @2607:f208:207::34 (pdns05.domaincontrol.com.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=mbz optlist=ok,nsid signed=ok ednstcp=ok
Mark
> --
> Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list