[dns-operations] TLSA denial of existence issues at dotroll.com
Csillag Tamas
cstamas at nic.hu
Thu Aug 30 09:37:08 UTC 2018
Hi Viktor,
On Wed, Aug 29, 2018 at 07:25:27PM -0400, Viktor Dukhovni wrote:
> > On Aug 6, 2018, at 9:43 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> >
> > A handful of hosting providers account for the majority of observed issues
> > with DNSSEC denial of existence. I've put together an easy to browse
> > DNSViz "gallery" of the problems seen at each of the top 10 such providers:
> >
> > 89 http://imrryr.org/~viktor/dnsviz/dotroll.com.html
>
> That number is now 107, all but 3 return NODATA for TLSA lookups, but NSEC
> chain consists of just the zone apex, and does not include the wildcard
> also present in the zone.
>
> The remaining 3 have somewhat more sporadic issues:
>
> SERVFAIL queries with DO bit:
> http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.sparbudapestmaraton.hu.html
> http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.unisportfutobolt.hu.html
>
> Lame delegation of _tcp sub-domain:
> http://imrryr.org/~viktor/dnsviz/dotroll.com.d/_25._tcp.tmforum.hu.html
>
> > ... perhaps some of you know exactly the right person ...
> > to gently nudge to get the issues resolved ...
>
> I've had any luck with <support at dotroll.com> or their twitter account. Anyone
> know any humans behind dotroll.com/webspacecontrol.com?
I have forwarded your email to a contact I know at dotroll.com. I hope they
will get back to you shortly.
Regards,
Tamas
--
Csillag Tamas @ nic.hu
More information about the dns-operations
mailing list