Skip to content
List of DNS violations by implementations, software and/or systems
Branch: master
Clone or download
pspacek Merge pull request #67 from vixie/patch-2
record vendor fix date (2018-12-14)
Latest commit 55651b9 Jan 16, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
2017 Add DVE-2017-0020 (#54) Mar 21, 2018
2018 record vendor fix date (2018-12-14) Dec 14, 2018
LICENSE Initial commit Jan 25, 2017 unhide this text Apr 5, 2017

DNS Violations

List of DNS violations by implementations, software and/or systems


This List consists of DNS Violation Entries (DVE's) that describes known violations to the DNS protocol by implementations, software and/or systems.


The purpose of the List is to better understand how wrongfully the DNS protocol is used out in the wild in order to try and make it better. There is also a great gain for implementers to verify that they can handle wrong DNS correctly.

Community based

The List is driven by the community for the community, anyone can send in a violation and a team of community members will review and accept or reject the violation, this team in called Maintainers. Anyone can request to join the Maintainers team and <acceptance method TBD>.


An implementation, software and/or system is considered to be in violation to the DNS protocol when it does not strongly conform to the current DNS RFCs. Violations can also include updated or obsolete DNS RFCs.


Anyone can submit a DNS violation and request a DVE, this is done as a pull request or an issue. If submitted as a markdown file, add it under the year directory and with the full filename.


The format is Markdown with the following suggested headers, which are not strict but should at least have short and long description. Metadata may be included at the end of headers, together under Metadata header or at the end of the file.

# DVE-<YEAR>-<NUMBER>: <short description>

## Description

<long description>

## Evidence

<the evidance that the violation occurred, can be shell output, tcpdump etc>

## Proposed fix

<how to, hopefully, fix it>

## Workaround

<if there are any>

## DNS Operator/Vendor Response

<if there's any>

## Files

<mime-type> (<optional description>): `<file within DVE year directory>`
application/dns+dnstap: `DVE-YEAR-NUMBER/example.dnstap`
application/dns+dnstap (segfault): `DVE-YEAR-NUMBER/example_that_segfaults.dnstap`

## Metadata

Submitter: <may be used if the source is not a commit>
Submit-Date: <date>
Report-Date: <date> <upstream-contact>
Fixed-Date: <date>
Tags: <free form tags for the DVE as a comma seperated list>
<meta-data>: <value>


You may attach files to the DVE by using the Files section and add the files in a directory related to the DVE as (from repository root) YEAR/DVE-YEAR-NUMBER/.

DVE Allocation

DVE are allocated sequentially starting from the number 1 using the format DVE-<YEAR>-<NUMBER>. The number is allocated on a first-come-first-served bases via pull requests or by the Maintainers for an issue. The Maintainers may reserve a number for an issue by updated the title of the issue with the full DVE and also add a comment addressed to @DNS-OARC/dve-maintainers that it has been reserved. Collisions are rejected/asked to be updated.

Repository Directory Layout

  • In the root of the repository there should only be documentation
  • The DVE is placed under a year directory
  • The DVE is in markdown format and the filename is
  • Optional files attached to the DVE may be put under a directory with the full DVE name under the year directory, example YEAR/DVE-YEAR-NUMBER/file
You can’t perform that action at this time.