[Yeti DNS Discuss] 答复: 答复: Too many dependencies
Davey Song(宋林健)
ljsong at biigroup.cn
Tue Aug 28 01:52:36 UTC 2018
Thanks. I google a slides describing this attack. But I'm still not sure about.
https://indico.dns-oarc.net/event/21/contributions/301/attachments/272/492/slides.pdf
I checked xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c and found nothing weird (65 glue?). I'm not sure what did Stephane found.
Davey
> -----邮件原件-----
> 发件人: Mukund Sivaraman [mailto:muks at mukund.org]
> 发送时间: 2018年8月27日 17:35
> 收件人: Davey Song(宋林健)
> 抄送: 'Stephane Bortzmeyer'; discuss at lists.yeti-dns.org
> 主题: Re: [Yeti DNS Discuss] 答复: Too many dependencies
>
> On Mon, Aug 27, 2018 at 04:32:59PM +0800, Davey Song(宋林健) wrote:
> > Can you share some background on this "issue" ?
>
> iDNS was a type of attack presented by a french security person 3-4 years ago.
> Basically, if a resolver has to resolve a nameserver's address, that can involve
> recursively looking up other nameserver addresses (indirection) infinitely. BIND
> (see CVE-2014-8500) and other resolver projects were affected by this, and the
> fix was to have options that forced a hard limit on the number of individual
> fetches a resolver would perform to service a client query, and also a limit on
> the levels of indirection when looking up a nameserver address.
>
> Mukund
More information about the discuss
mailing list