[dns-operations] TLSA denial of existence issues at dotroll.com
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Aug 29 23:25:27 UTC 2018
> On Aug 6, 2018, at 9:43 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> A handful of hosting providers account for the majority of observed issues
> with DNSSEC denial of existence. I've put together an easy to browse
> DNSViz "gallery" of the problems seen at each of the top 10 such providers:
>
> 89 http://imrryr.org/~viktor/dnsviz/dotroll.com.html
That number is now 107, all but 3 return NODATA for TLSA lookups, but NSEC
chain consists of just the zone apex, and does not include the wildcard
also present in the zone.
The remaining 3 have somewhat more sporadic issues:
SERVFAIL queries with DO bit:
http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.sparbudapestmaraton.hu.html
http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.unisportfutobolt.hu.html
Lame delegation of _tcp sub-domain:
http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.tmforum.hu.html
> ... perhaps some of you know exactly the right person ...
> to gently nudge to get the issues resolved ...
I've had any luck with <support at dotroll.com> or their twitter account. Anyone
know any humans behind dotroll.com/webspacecontrol.com?
--
Viktor.
More information about the dns-operations
mailing list