DNS Hosting provider issues (resolved at citynetwork.se)
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Thu Feb 5 09:38:38 CET 2015
Zitat von Viktor Dukhovni <ietf-dane at dukhovni.org>:
> On Wed, Feb 04, 2015 at 09:12:03PM +0000, Viktor Dukhovni wrote:
>
>> As of today openprovider.eu seems to be resolved, leaving a top 10
>> list with:
>>
>> 121 citynetwork.se
>> 10 grdns.cz
>> 10 binero.se
>> 7 metaregistrar.nl
>> 6 swedenmail.com
>> 5 dnscluster.nl
>> 2 pretecno.it
>> 2 papaki.gr
>> 2 kniestdns.nl
>> 2 forpsi.net
>
> I am finally thrilled to announce that citynetwork.se are also
> done. A firewall was filtering out DNS queries with RRtypes it
> does not know about. Don't let your firewalls do this:
>
>
> http://tools.ietf.org/html/draft-andrews-dns-no-response-issue-06#section-2.5
>
> The known broken domain count is now 87, and the top 9 list (47
> domains total) is now:
>
> 10 registry at binero.se
> 10 admin at grdns.cz
> 7 beheer at metaregistrar.nl
> 6 alex at swedenmail.com
> 5 hostmaster at dnscluster.nl
> 3 hostmaster at papaki.gr
> 2 hostmaster at pretecno.it
> 2 hostmaster at kniestdns.nl
> 2 admin at forpsi.net
>
> It is now reasonably "safe" to enable outbound DANE verification.
> While a few folks are still struggling to keep their DNSSEC zones
> signed correctly, and some others occasionally neglect to update
> TLSA records before installing new certificates, the problem volume
> is now rather low by comparison with the 1050+ domains that work.
Is there a list of some sort with the already known TLSA secured
domains? Would be nice to see the pace of acceptance for different
TLDs and so on.
Regards
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5931 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150205/68279a2e/attachment-0001.bin>
More information about the dane-users
mailing list