[dns-wg] Announcement: Test Report on DNSSEC impact on SOHO CPE

Ray.Bellis at nominet.org.uk Ray.Bellis at nominet.org.uk
Tue Sep 16 14:55:44 EDT 2008


> The report is excellent. Thank you very much for sharing it with us.

You're welcome :)

> I have two questions.
> 
> 1) Vendor actions
> 
>     What are the vendor status and/or responses? Were they contacted? 
did they
>     respond? Are they planning updates?

We did contact vendor technical support, in particular to determine 
whether any work-arounds exist on those routers that don't appear to allow 
the DNS settings in the DHCP server to be changed.

However attempts to reach product management types to talk about 
implementation issues were generally fruitless.  I did manage to report my 
findings to Zyxel UK through an existing contact, though.

I'm hoping that some of the vendors will get in touch with me, now that 
the report is published.

> 2) base OS?
> 
>     Is there a similarity in these firmwares? eg are they using the same
>     DNS software inside? Perhaps the vendors are not the people we 
should
>     be talking to? For instance, many Linux based routers use the 
"dnsmasq"
>     software. Depending on its status, it might be worth contacting the
>     upstream software provider of the commercial router vendors.

We didn't see any direct evidence of shared code between vendors.  We did 
see some quirks that might suggest commonality (e.g. NAT tranlation 
failures) but didn't look for anything to prove a link.

kind regards,

Ray

-- 
Ray Bellis, MA(Oxon)
Senior Researcher in Advanced Projects, Nominet
e: ray at nominet.org.uk, t: +44 1865 332211



More information about the Dnssec-deployment mailing list