[dns-operations] TLDs with broken EDNS behaviour
Mark Andrews
marka at isc.org
Mon Feb 18 00:20:36 UTC 2019
We are down to 5 TLDs that have misbehaving EDNS servers.
Badly configured / out-of-date firewalls:
kp. @175.45.176.15 (ns1.kptc.kp.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
kp. @175.45.176.16 (ns2.kptc.kp.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok signed=ok ednstcp=ok
lb. @193.188.128.14 (zeina.aub.edu.lb.): dns=ok edns=ok edns1=timeout edns at 512=ok ednsopt=ok edns1opt=timeout do=ok ednsflags=timeout optlist=ok,expire,cookie,subnet signed=ok,yes ednstcp=ok
Non RFC compliant (out-of-date) servers:
ge. @212.72.130.11 (ns.nic.ge.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @202.128.29.2 (ns1.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @202.128.29.135 (ns2.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.129.89 (ns3.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
mp. @75.101.133.101 (ns4.nic.mp.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok ednstcp=ok
vu. @202.80.32.9 (ns1-cctld.vunic.vu.): dns=ok edns=ok edns1=noerror,badversion,soa edns at 512=ok ednsopt=ok edns1opt=noerror,badversion,soa do=ok ednsflags=ok optlist=ok,nsid signed=ok,yes ednstcp=ok
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list