The report is excellent. Thank you very much for sharing it with us.
You're welcome :)
I have two questions.
1) Vendor actions
What are the vendor status and/or responses? Were they contacted?
did they
respond? Are they planning updates?
We did contact vendor technical support, in particular to determine
whether any work-arounds exist on those routers that don't appear
to allow
the DNS settings in the DHCP server to be changed.
However attempts to reach product management types to talk about
implementation issues were generally fruitless. I did manage to
report my
findings to Zyxel UK through an existing contact, though.
I'm hoping that some of the vendors will get in touch with me, now
that
the report is published.
2) base OS?
Is there a similarity in these firmwares? eg are they using
the same
DNS software inside? Perhaps the vendors are not the people we
should
be talking to? For instance, many Linux based routers use the
"dnsmasq"
software. Depending on its status, it might be worth
contacting the
upstream software provider of the commercial router vendors.
We didn't see any direct evidence of shared code between vendors.
We did
see some quirks that might suggest commonality (e.g. NAT tranlation
failures) but didn't look for anything to prove a link.
kind regards,
Ray
--
Ray Bellis, MA(Oxon)
Senior Researcher in Advanced Projects, Nominet
e: ray@localhost, t: +44 1865 332211
#############################################################
This message is sent to you because you are subscribed to
the mailing list dnssec-deployment@localhost.
To unsubscribe, E-mail to: dnssec-deployment-off@localhost
A public archive is available here: <http://mail.shinkuro.com:8100/
Lists/dnssec-deployment/>
and older material is at
<http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
you are here: RIPE -> RIPE Maillists > Archives
