nanog mailing list archives
Re: DNS Flag Day, Friday, Feb 1st, 2019
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Thu, 24 Jan 2019 00:45:42 -0500
On Thu, Jan 24, 2019 at 12:35 AM Mark Andrews <marka () isc org> wrote:
And if you don’t want to go to the web site you can still see the content here https://github.com/dns-violations/dnsflagday
I think part of my snark was lost as snark here... So, we're asking 'everyone' to do 'something' on behalf of their domains, their users and the rest of the internet... we can't seem to do that in a fashion that's traceable, clearly has ownership and doesn't look like every halfbaked spam campaign in the world. Yes I could go digging for the right starting point at ISC or github or .. what?? Why wasn't this pretty clearly owned by 'ICANN' or some organization like that? It's lovely that github, fastly, gandi and ISC want to help, but... somewhere here some legitimacy could have been injected into the process, right? "HI, we're ICANN we do dns thingies, and we'd like to help make you make things better. Please use the website (provided by our partner(s) X, Y, Z to do the following A, B, C things, and get guidance on repair for problems at site FOO, BAR or BAZ. If there are questions please see our FAQ ( https://www.icann.org/dnsfixin/faq) or email <support () icann org>. Thanks for taking the time to make the world better?" it's not super hard to do this, it's also apparently super easy to look like a spam/malware campaign.
On 24 Jan 2019, at 4:32 pm, Mark Andrews <marka () isc org> wrote: Also as a lot of you use F5 servers here is information about DNS flagdayfixes. https://support.f5.com/csp/article/K07808381?sf206085287=1On 24 Jan 2019, at 3:51 pm, Christopher Morrow <morrowc.lists () gmail com>wrote:On Wed, Jan 23, 2019 at 11:45 PM Mark Andrews <marka () isc org> wrote: Well you can go to https://ednscomp.isc.org and click on "Test YourServers Here”which is what https://dnsflagday.net calls behind the scenes. Youwill just needto interpret the results as they apply to DNS flag day. If you don’twant to gothere you can go to https://gitlab.isc.org and down load and compilethe DNScompliance tester and then run “genreport -i bind11 -e”. which is theactual testcode being run. oh excellent, I'll do this version. thanks. But hey you did do proper acceptance testing when you installed yourDNS serversand firewalls to ensure that they implemented the DNS protocolcorrectly and theyyour firewalls don’t block well formed DNS queries (lots of them do bydefault).I did, yes. MarkOn 24 Jan 2019, at 3:35 pm, Christopher Morrow <morrowc.lists () gmail com> wrote:On Wed, Jan 23, 2019 at 7:11 PM Brian Kantor <Brian () ampr org> wrote: Quoting from the web site at https://dnsflagday.net/ huh, from the 'dns illuminati' eh" DNS hosted by gandi.net? resolves to 3 /32's on 3 adjacent /24's.. ingithub's ip space, routed by fastly.com ...I'm sure glad the whois data for that domain is sensible too... :( none of that particularly leaves me feeling like I should go put anydata at all into the site.-chris-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: DNS Flag Day, Friday, Feb 1st, 2019, (continued)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Bjørn Mork (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Eric Brander (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Christopher Morrow (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Christopher Morrow (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Christopher Morrow (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Niels Bakker (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Christopher Morrow (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 23)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Stephen Satchell (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Mark Andrews (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Stephen Satchell (Jan 24)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Jim Popovitch via NANOG (Jan 30)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Christopher Morrow (Jan 30)
- Re: DNS Flag Day, Friday, Feb 1st, 2019 Jim Popovitch via NANOG (Jan 30)