Re: [dane] Please help to remediate broken DNSSEC hosting
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 20 November 2014 07:34 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 083711A00B0 for <dane@ietfa.amsl.com>; Wed, 19 Nov 2014 23:34:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BmIK44ZPzWEJ for <dane@ietfa.amsl.com>; Wed, 19 Nov 2014 23:34:47 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28BE01A00AE for <dane@ietf.org>; Wed, 19 Nov 2014 23:34:47 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 89B47282F88; Thu, 20 Nov 2014 07:34:45 +0000 (UTC)
Date: Thu, 20 Nov 2014 07:34:45 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20141120073445.GM13179@mournblade.imrryr.org>
References: <20141027225310.29285.24437.idtracker@ietfa.amsl.com> <F0C0FC32-FAA7-4D07-A230-59A538754BCD@isoc.org> <20141120062942.GL13179@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20141120062942.GL13179@mournblade.imrryr.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/zpg8zh6NQjOLBxqk-uhsksaE6Sw
Subject: Re: [dane] Please help to remediate broken DNSSEC hosting
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 07:34:49 -0000
On Thu, Nov 20, 2014 at 06:29:42AM +0000, Viktor Dukhovni wrote: > A number of large DNS hosting providers have enabled DNSSEC support, > but are using nameserver software that is not compatible with the > specification with respect to authenticated denial of existence. Note, by far the bulk of the problem is with transip. From their website: https://www.transip.co.uk/domain-name/transdns/ DNSSEC TransDNS is the foundation of our DNSSEC implementation, a DNS protocol security extension. Signing more than 500.000 domain names with DNSSEC was a challenge we gladly accepted. Because of TransDNS we were one of the first domain providers in The Netherlands that signed all our domain names. We are now the largest DNSSEC provider in the world. We could not have done this with third-party solutions. That is the reason why we develop everything in-house. Perhaps they have more problems that show up in interop tests because they indeed signed so many more domains that anyone else. In any case, they would be a good place to start remediation. If anyone has contacts there and can reach out that would be great. -- Viktor.
- [dane] Fwd: New Version Notification for draft-yo… Dan York
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… Michael Ströder
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… Dan York
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… Shumon Huque
- Re: [dane] Fwd: New Version Notification for draf… Dan York
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… James Cloos
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- Re: [dane] Fwd: New Version Notification for draf… Paul Wouters
- Re: [dane] Fwd: New Version Notification for draf… Viktor Dukhovni
- [dane] Please help to remediate broken DNSSEC hos… Viktor Dukhovni
- Re: [dane] Please help to remediate broken DNSSEC… Viktor Dukhovni
- Re: [dane] Please help to remediate broken DNSSEC… Marco Davids (SIDN)
- Re: [dane] Please help to remediate broken DNSSEC… Viktor Dukhovni
- Re: [dane] Please help to remediate broken DNSSEC… Mark Andrews
- Re: [dane] Please help to remediate broken DNSSEC… Viktor Dukhovni