nanog mailing list archives
Re: DNSSEC and ISPs faking DNS responses
From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Sat, 14 Nov 2015 18:26:40 +0100
On Sat, Nov 14, 2015 at 01:36:06AM -0500, Jean-Francois Mezei <jfmezei_nanog () vaxination ca> wrote a message of 71 lines which said:
Loto Québec is supposed to be testing for compliance, and I am not sure how they will do that short of having a subscription to every ISP that sells services in Québec.
They will simply use RIPE Atlas probes, as we all do to test our networks from the outside. Here, Bulgaria, where the mandatory blocking of gambling Web sites is far from perfect (the right IP address is 5.226.176.16): % python resolve-name.py --requested=500 --country=BG www.bet365.com Measurement #2930308 for www.bet365.com/A uses 94 probes [] : 1 occurrences [193.24.240.122] : 1 occurrences [84.54.148.18] : 1 occurrences [212.73.128.166] : 1 occurrences [212.39.93.34] : 3 occurrences [ERROR: SERVFAIL] : 1 occurrences [5.226.176.16] : 75 occurrences [127.0.0.1] : 4 occurrences Test done at 2015-11-14T17:14:20Z A few lying DNS resolvers but not much.
(Maybe they think they only have to test 3 ISPs, (telcos and cablecos) and don't realise they have over 100 ISPs to test for compliance).
My experience with these sort of organisations is that they don't care about 100 % compliance. They're only interested in "good enough" (the three largest ISPs...)
Current thread:
- Re: DNSSEC and ISPs faking DNS responses, (continued)
- Re: DNSSEC and ISPs faking DNS responses Stephane Bortzmeyer (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Marco Davids (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Nick Hilliard (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Matt Palmer (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Alarig Le Lay (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Stephane Bortzmeyer (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Jean-Francois Mezei (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses Roland Dobbins (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses Owen DeLong (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses Roland Dobbins (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses Stephane Bortzmeyer (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses Baldur Norddahl (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses John Levine (Nov 14)
- Re: DNSSEC and ISPs faking DNS responses Alejandro Acosta (Nov 12)
- Re: DNSSEC and ISPs faking DNS responses Owen DeLong (Nov 12)
- Re: DNSSEC and ISPs faking DNS responses John Levine (Nov 12)
- Re: DNSSEC and ISPs faking DNS responses Owen DeLong (Nov 13)
- Re: DNSSEC and ISPs faking DNS responses John R. Levine (Nov 13)
- RE: DNSSEC and ISPs faking DNS responses eric-list (Nov 13)
- RE: DNSSEC and ISPs faking DNS responses Tony Finch (Nov 16)