<html><head></head><body><blockquote type="cite"><pre>Date: Fri, 3 Mar 2017 11:37:45 -0500
From: Viktor Dukhovni <<a href="mailto:ietf-dane@dukhovni.org">ietf-dane@dukhovni.org</a>>
To: dns-operations <<a href="mailto:dns-operations@dns-oarc.net">dns-operations@dns-oarc.net</a>>
Subject: [dns-operations] Godaddy (domaincontrol.com) seemingly in no
        hurry to fix DVE-2017-0014?

The DVE entry link is:

   <a href="https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0014.md">https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0014.md</a>

Sure looks like a misconfigured Arbor Networks firewall is filtering TLSA
records over IPv4, but not IPv6.  This breaks (some, from DANE-enabled senders)
email for uspta.org for example:

   <a href="http://dnsviz.net/d/_25._tcp.svr-zeta.uspta.org/dnssec/">http://dnsviz.net/d/_25._tcp.svr-zeta.uspta.org/dnssec/</a>

Anyone know who at Godaddy might prove responsive for issues with
the pdns0[1278].domaincontrol.com nameservers?

-- 
        Viktor.
</pre></blockquote><div><span><pre><br></pre><pre>The Go Daddy DNS team was not made aware of this DVE.  We are looking into it at this time.</pre><pre><br></pre><pre>-- <br></pre><span style="font-family: monospace;">Brian L. King (</span><a href="mailto:blk@godaddy.com" style="font-family: monospace;">blk@godaddy.com</a><span style="font-family: monospace;">)</span><br style="font-family: monospace;"><span style="font-family: monospace;">Senior Linux/DNS Systems Administrator</span><br style="font-family: monospace;"><span style="font-family: monospace;">Managed/Corporate DNS, Go Daddy</span><br style="font-family: monospace;"><span style="font-family: monospace;">:wq!</span></span></div><div><span class="-x-evo-signature"><span style="font-family: monospace;"><br></span></span></div></body></html>