On Thu, Aug 06, 2015 at 06:20:01AM +0000, Viktor Dukhovni wrote:
The clusters operated by an outside provider are still running software that has obsolete DNSSEC software. Binero and I will be reaching out to the provider to encourage them to address the issue in a timely manner. With luck, that should remediate any additional customers of that provider.
The outside provider has acknowledged the software defect, and will be working on a fix. This may take a bit of time, because they have an in-house developed DNS server, so it is not just a matter of upgrading to an existing already fixed software release.
* Incorrect handling of "denial of existence" in older versions of PowerDNS.
Speaking of poor handling of denial of existence, is anyone on this list a DNS hosting customer of "isphuset.no"? I am not having much luck getting them to respond to an open ticket about 26 domains they serve that seem to have the above issue. If you are a customer, you might have better luck getting them to respond to ticket:
#WWP-ISPH-922-70734
Alternatively, if you know any of the technical staff there, please drop them a note. The problem domains are:
amihotel.no apilar.no aprilarkitekter.no bgresearch.no binzel.no cyclingnorway.no eh-bygg.no fikse-design.no flashmedia.no golfhandelen.no gustavsenas.no human-resources.no internot.no kajakkspesialisten.no klimasystem.no norskaudioteknikk.no olympic.no partnerline.no quint.no rfi.no scansat.no schou-andreassen.no shad.no spoe.no ti-industrier.no zelektro.no
and DANE SMTP servers will defer all main to these domains because TLSA record lookups SERVFAIL.