Data exfiltration using DNS RPZ
Grant Taylor
gtaylor at tnetconsulting.net
Sun Jun 17 17:27:24 UTC 2018
On 06/17/2018 11:18 AM, Vadim Pavlov via bind-users wrote:
> Just to be more clear. DNSSEC records can contain any content and can
> be used for infiltration/tunneling.
Ah. I think I see.
> E.g. if you request a DNSKEY record (you can encode your request in the fqdn)
> you will get it exactly "as is". Intermediate DNS servers do not validate
> the records.
You aren't talking about using the DNSSEC mechanisms to {in,ex}filtrate
data as much as you are talking about {ab}using the resource records
that DNSSEC uses as a vector to hide data.
> So instead of "standard/usual" TXT records you can use DNSKEY to pass
> data from a DNS remote server.
ACK
Thank you for the explanation.
--
Grant. . . .
unix || die
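
Added example, not part of the original message or of BIND: a structural check a defender could run on DNSKEY RDATA seen in passive DNS or packet captures, flagging records that cannot be a key of the algorithm they claim. The function name, the algorithm table (13-16 and the RSA family only) and the sample records are assumptions made for this example.

```python
import struct

# Fixed public-key lengths in bytes: RFC 6605 (13, 14) and RFC 8080 (15, 16).
FIXED_KEY_LEN = {13: 64, 14: 96, 15: 32, 16: 57}
RSA_ALGS = {5, 7, 8, 10}                    # key layout from RFC 3110
DEFINED_FLAGS = 0x0100 | 0x0080 | 0x0001    # ZONE, REVOKE, SEP


def dnskey_anomalies(rdata):
    """Return the reasons a DNSKEY RDATA does not look like a real key."""
    if len(rdata) < 5:
        return ["rdata too short"]
    flags, protocol, alg = struct.unpack("!HBB", rdata[:4])
    key = rdata[4:]
    reasons = []
    if flags & ~DEFINED_FLAGS:
        reasons.append("reserved flag bits set")
    if protocol != 3:                       # RFC 4034: protocol MUST be 3
        reasons.append("protocol field is not 3")
    if alg in FIXED_KEY_LEN:
        if len(key) != FIXED_KEY_LEN[alg]:
            reasons.append(f"key length {len(key)} invalid for algorithm {alg}")
    elif alg in RSA_ALGS:
        # Exponent length is one byte, or 0x00 followed by two bytes.
        if key[0]:
            exp_len, off = key[0], 1
        else:
            exp_len, off = int.from_bytes(key[1:3], "big"), 3
        mod_len = len(key) - off - exp_len
        # Modulus between 512 and 4096 bits (RFC 5702).
        if exp_len == 0 or not 64 <= mod_len <= 512:
            reasons.append("RSA exponent/modulus lengths malformed")
    else:
        reasons.append(f"algorithm {alg} not in the checked set")
    return reasons


# Constructed sample records (not captured traffic).
HDR = struct.pack("!HBB", 257, 3, 15)
SAMPLES = {
    "ed25519-shaped": HDR + bytes(range(32)),
    "rsa-shaped": struct.pack("!HBB", 256, 3, 8) + b"\x03\x01\x00\x01" + b"\xc1" * 256,
    "text-in-key": struct.pack("!HBB", 257, 3, 13) + b"constructed sample payload, not a key",
    "bad-header": struct.pack("!HBB", 0xFFFF, 0, 15) + bytes(32),
}

if __name__ == "__main__":
    for name, rdata in SAMPLES.items():
        print(name, dnskey_anomalies(rdata) or "well-formed")
```

The check is structural only: it flags RDATA that cannot be a key of the stated algorithm and says nothing about whether a well-formed key is genuine.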