The problem is, not surprisingly, more widespread than the one domain
reported in ticket [0C6-1B9BB2EF-0123]. This will cause email
delivery problems to your customers' domains if not resolved by
fixing the nameserver software. My new (and surely incomplete)
list of affected domains is below.

The newly updated (thanks Casey!) dnsviz.net site now gives a very
clear picture of the problem (just "mouse over" the NSEC3 record
box). A wildcard at the domain level is incorrectly applied below
a sibling node.

http://dnsviz.net/d/_25._tcp.mail.jursoft.cz/dnssec/?rr=52&ds=all&a=all&doe=on&ta=.

Queries for the TLSA records of all the MX hosts below similarly
fail validation. What and when might be done to fully address this
issue?
--
Viktor.
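
The wildcard rule at issue in the message above, as an added example that is not part of the original post or of any nameserver's code: under RFC 4592 a wildcard can only synthesize answers directly beneath the query's closest encloser, so an existing `mail` node blocks the domain-level wildcard for every name below it. The zone `example.cz.` and its contents are constructed, and `faulty_lookup` is a hypothetical model of the behaviour the message describes.

```python
# Constructed zone (assumption, not data from the message): a wildcard at the
# domain level with an explicitly defined MX host beside it.
APEX = "example.cz."
OWNERS = {"example.cz.", "*.example.cz.", "mail.example.cz."}


def norm(name):
    """Lowercase absolute form of a domain name."""
    return name.lower().rstrip(".") + "."


def existing_names(owners, apex):
    """Owner names plus the empty non-terminals between them and the apex."""
    apex_len = len(norm(apex).rstrip(".").split("."))
    exist = set()
    for owner in map(norm, owners):
        parts = owner.rstrip(".").split(".")
        for i in range(len(parts) - apex_len + 1):
            exist.add(".".join(parts[i:]) + ".")
    return exist


def correct_lookup(qname, owners=OWNERS, apex=APEX):
    """RFC 4592: only a wildcard directly under the closest encloser applies."""
    q, exist = norm(qname), existing_names(owners, apex)
    if q in exist:
        return ("exact", q)
    parts = q.rstrip(".").split(".")
    # Strip leading labels until an existing name is reached (closest encloser).
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:]) + "."
        if encloser in exist:
            break
    else:
        raise ValueError(f"{q} is not inside zone {apex}")
    source = "*." + encloser
    return ("wildcard", source) if source in exist else ("nxdomain", encloser)


def faulty_lookup(qname, owners=OWNERS, apex=APEX):
    """Hypothetical model of the reported fault: the domain-level wildcard is
    matched without first stopping at an existing sibling node such as mail."""
    q, exist = norm(qname), existing_names(owners, apex)
    if q in exist:
        return ("exact", q)
    source = "*." + norm(apex)
    return ("wildcard", source) if source in exist else ("nxdomain", norm(apex))
```

A validating resolver expects the denial-of-existence proof to match the `correct_lookup` result, so a server answering as in `faulty_lookup` produces a response that cannot be validated.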