DNS Hosting provider issues (resolved at citynetwork.se)

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Feb 5 00:23:24 CET 2015


On Wed, Feb 04, 2015 at 09:12:03PM +0000, Viktor Dukhovni wrote:

> As of today openprovider.eu seems to be resolved, leaving a top 10
> list with:
> 
>      121 citynetwork.se
>       10 grdns.cz
>       10 binero.se
>        7 metaregistrar.nl
>        6 swedenmail.com
>        5 dnscluster.nl
>        2 pretecno.it
>        2 papaki.gr
>        2 kniestdns.nl
>        2 forpsi.net

I am finally thrilled to announce that citynetwork.se are also
done.  A firewall was filtering out DNS queries with RRtypes it
does not know about.  Don't let your firewalls do this:

    http://tools.ietf.org/html/draft-andrews-dns-no-response-issue-06#section-2.5

The known broken domain count is now 87, and the top 9 list (47
domains total) is now:

  10 registry at binero.se
  10 admin at grdns.cz
   7 beheer at metaregistrar.nl
   6 alex at swedenmail.com
   5 hostmaster at dnscluster.nl
   3 hostmaster at papaki.gr
   2 hostmaster at pretecno.it
   2 hostmaster at kniestdns.nl
   2 admin at forpsi.net

It is now reasonably "safe" to enable outbound DANE verification.
While a few folks are still struggling to keep their DNSSEC zones
signed correctly, and some others occasionally neglect to update
TLSA records before installing new certificates, the problem volume
is now rather low by comparison with the 1050+ domains that work.

    https://tools.ietf.org/html/draft-ietf-dane-ops-07#section-8.1
    https://tools.ietf.org/html/draft-ietf-dane-ops-07#section-8.4
    https://tools.ietf.org/html/rfc6781

We'll try to add more features to https://dane.sys4.de/ to help
domain owners not get into trouble, to stay out of trouble, and
get out of trouble quickly if/when they make mistakes.  Stay tuned.

-- 
	Viktor.
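
An added example, not part of the original message: a minimal probe for the failure described above, where a firewall in front of a nameserver answers familiar RRtypes but silently drops TLSA (type 52) queries. The server address and host name in it are placeholders, and the three result labels are this example's own.

```python
import socket
import struct

QTYPE_A, QTYPE_TLSA = 1, 52  # TLSA is RR type 52 (RFC 6698)

def build_query(name, qtype, qid=0x1234):
    """Encode a minimal DNS query (no EDNS) for name/qtype, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, qtype, timeout=2.0, tries=2):
    """Return the RCODE of the reply, or None if every try timed out."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            s.sendto(query, server)
            try:
                data, _ = s.recvfrom(4096)
            except socket.timeout:
                continue
            # Accept only a full header whose ID matches our query.
            if len(data) >= 12 and data[:2] == query[:2]:
                return data[3] & 0x0F
    return None

def check_tlsa_filtering(server, mx_host, port=25, **kw):
    """Compare an A query with a TLSA query sent to the same nameserver.

    server is an (ip, port) tuple for one authoritative nameserver.
    Any timely TLSA reply, even NODATA or NXDOMAIN, counts as answered;
    silence on TLSA while A is answered points at RRtype filtering.
    """
    a = probe(server, mx_host, QTYPE_A, **kw)
    tlsa = probe(server, f"_{port}._tcp.{mx_host}", QTYPE_TLSA, **kw)
    if tlsa is not None:
        return "answered"
    return "tlsa-dropped" if a is not None else "unreachable"

if __name__ == "__main__":
    # Placeholder nameserver address and MX host name (assumptions).
    print(check_tlsa_filtering(("192.0.2.53", 53), "mx.example.net"))
```

Run it against each authoritative nameserver of the zone in turn, since a filter may sit in front of only some of them.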

