[dns-operations] TLSA denial of existence issues at dotroll.com

Csillag Tamas cstamas at nic.hu
Thu Aug 30 09:37:08 UTC 2018


Hi Viktor,

On Wed, Aug 29, 2018 at 07:25:27PM -0400, Viktor Dukhovni wrote:
> > On Aug 6, 2018, at 9:43 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> > 
> > A handful of hosting providers account for the majority of observed issues
> > with DNSSEC denial of existence.  I've put together an easy to browse
> > DNSViz "gallery" of the problems seen at each of the top 10 such providers:
> > 
> > 89   http://imrryr.org/~viktor/dnsviz/dotroll.com.html
> 
> That number is now 107, all but 3 return NODATA for TLSA lookups, but NSEC
> chain consists of just the zone apex, and does not include the wildcard
> also present in the zone.
> 
> The remaining 3 have somewhat more sporadic issues:
> 
>  SERVFAIL queries with DO bit:
>    http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.sparbudapestmaraton.hu.html
>    http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.unisportfutobolt.hu.html
> 
>  Lame delegation of _tcp sub-domain:
>    http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.tmforum.hu.html
> 
> > ... perhaps some of you know exactly the right person ...
> > to gently nudge to get the issues resolved ...
> 
> I've had any luck with <support at dotroll.com> or their twitter account.  Anyone
> know any humans behind dotroll.com/webspacecontrol.com?

I have forwarded your email to a contact I know at dotroll.com. I hope they
will get back to you shortly.

Regards,
 Tamas
-- 
 Csillag Tamas @ nic.hu


More information about the dns-operations mailing list