[dane] Problem with transip.{eu, net, nl} nameservers and DANE TLSA

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 23 November 2014 20:23 UTC

Date: Sun, 23 Nov 2014 20:23:45 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: hostmaster@transip.nl
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/Tr8Iv8xez1Znu5mEGABaFxtUmyQ
Cc: "Deccio, Casey" <cdeccio@verisign.com>, dane@ietf.org

As previously noted, transip.nl domains emit incorrect denial of
existence NSEC3 records for DANE TLSA queries.  This will cause
email delivery problems to your customers' domains if not resolved
by fixing the nameserver software.  My new (and surely incomplete)
list of affected domains is below.

The newly updated (thanks Casey!) dnsviz.net site now gives a very
clear picture of the problem (just "mouse over" the NSEC3 record
box).  The NODATA response is not accompanied by any NSEC3 records
that match the hash of the Qname:

    http://dnsviz.net/d/_25._tcp.mail.tekoopjes.be/dnssec/?rr=52&ds=all&a=all&doe=on&ta=.

Queries for the TLSA records of all the MX hosts below similarly
fail validation.  What and when might be done to fully address this
issue?

-- 
	Viktor.
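
The check a validator makes on such a NODATA answer, as an added example that is not part of the original message: hash the Qname as RFC 5155 specifies and require an NSEC3 record owned by that hash whose type bitmap lacks both the queried type and CNAME. The zone `example`, salt `aabbccdd` and 12 iterations are assumed values borrowed from RFC 5155 Appendix A, the two responses are constructed, and wildcard, empty-non-terminal and opt-out cases are left out.

```python
import base64
import hashlib

# Map the standard base32 alphabet onto base32hex, which NSEC3 owner names use.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercased) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash: SHA-1 over name||salt, then `iterations` re-hashes."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode().translate(_B32_TO_B32HEX).lower()

def nodata_proof_ok(qname, qtype, zone, salt_hex, iterations, nsec3_rrs):
    """True if some NSEC3 owner matches hash(qname) and its bitmap lacks
    both qtype and CNAME. nsec3_rrs is a list of (owner, set_of_types)."""
    want = nsec3_hash(qname, salt_hex, iterations) + "." + zone.lower().rstrip(".")
    for owner, types in nsec3_rrs:
        if owner.lower().rstrip(".") == want:
            return qtype not in types and "CNAME" not in types
    return False  # no NSEC3 matches the Qname: the denial cannot be validated

# Constructed sample data (assumed parameters, not taken from any real zone).
ZONE, SALT, ITER = "example", "aabbccdd", 12
QNAME = "_25._tcp.mail.example"

# Correct NODATA: the NSEC3 owner is the hash of the Qname itself.
GOOD = [(nsec3_hash(QNAME, SALT, ITER) + ".example.", {"RRSIG"})]
# Broken NODATA: the only NSEC3 returned belongs to a different name.
BAD = [(nsec3_hash("mail.example", SALT, ITER) + ".example.", {"A", "RRSIG"})]

if __name__ == "__main__":
    for label, rrs in (("good", GOOD), ("bad", BAD)):
        ok = nodata_proof_ok(QNAME, "TLSA", ZONE, SALT, ITER, rrs)
        print(label, "validates" if ok else "bogus")
```
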