On Tue, Aug 18, 2015 at 05:02:22AM +0000, Viktor Dukhovni wrote:
Speaking of poor handling of denial of existence, is anyone on this list a DNS hosting customer of "isphuset.no"?
#WWP-ISPH-922-70734
While the isphuset.no issue is still open, I have some good news on that front:
Though no firm date at this time, the issue has not been dropped, it seems that upgraded software is undergoing internal testing, and once some issues have been ironed out will eventually be rolled out.
The "mail.mil" DNS server folks are working on their DNS issue, and today for the first time one the name servers for "mail.mil" and similar domains has started responding to TLSA queries. With a bit luck the rest will soon follow, but already DANE-enabled servers should be able to reach the domains below (perhaps after a couple of retries if DNS queries initially fail) without explicit work-arounds:
fai.gov afnoc.af.mil afms.mil centcom.mil dau.mil dc3.mil dcaa.mil dcma.mil deca.mil defenselink.mil dfas.mil dimhrs.mil dla.mil dma.mil dmdc.mil doded.mil dodig.mil dsca.mil dss.mil dtra.mil forge.mil homes.mil jfcom.mil jsf.mil jten.mil mail.mil militaryonesource.mil navy.mil nga.mil osd.mil pacom.mil pentagon.mil pfpa.mil sapr.mil soc.mil stratcom.mil uscg.mil usmc.mil ustranscom.mil whs.mil