[dns-operations] Anyone on this list from Arbor Networks (or know a solid engineering contact)?

Barry Greene bgreene at senki.org
Tue Jun 19 06:54:25 UTC 2018


Roland Dobbins might be up and would know who to contact.

Sent from my iPhone

> On Jun 18, 2018, at 10:35 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> 
> 
> The recently reported issues, broadly affecting (at least)
> a few thousand domains under nic.in, were, as surmised, due
> to a misconfigured Arbor Networks firewall, in which DNS
> filters were enabled that drop queries for all but the most
> common RR types.  The telltale behaviour is that TLSA
> lookups get through to the domain's IPv6 nameservers but
> are dropped by the IPv4 nameservers, while the same qname
> with type "A" gets through over IPv4.
> 
> This feature is akin to a loaded shotgun pointed at both of
> the customer's own feet.  It would be really super for this
> feature to be removed from the product, and perhaps for an
> advisory to go out to existing customers that the feature
> turned out in retrospect to do more harm than good and should
> be disabled in any legacy software versions that still make
> the misconfiguration possible...
> 
> -- 
>    Viktor.
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations





More information about the dns-operations mailing list