[dns-operations] Anyone on this list from Arbor Networks (or know a solid engineering contact)?
Barry Greene
bgreene at senki.org
Tue Jun 19 06:54:25 UTC 2018
Roland Dobbins might be up and would know who to contact.
Sent from my iPhone
> On Jun 18, 2018, at 10:35 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
>
> The recently reported issues, broadly affecting (at least)
> a few thousand domains under nic.in, were, as surmised, due
> to a misconfigured Arbor Networks firewall, in which DNS
> filters were enabled that drop queries for all but the most
> common RR types. The telltale behaviour is that TLSA
> lookups get through to the domain's IPv6 nameservers but
> are dropped by the IPv4 nameservers, while the same qname
> with type "A" gets through over IPv4.
>
> This feature is akin to a loaded shotgun pointed at both of
> the customer's own feet. It would be really super for this
> feature to be removed from the product, and perhaps for an
> advisory to go out to existing customers that the feature
> turned out in retrospect to do more harm than good and should
> be disabled in any legacy software versions that still make
> the misconfiguration possible...
>
> --
> Viktor.
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list