Bind dns amplification attack

Grant Taylor gtaylor at tnetconsulting.net
Tue Mar 28 18:18:30 UTC 2023


On 3/28/23 11:28 AM, Matus UHLAR - fantomas wrote:
> Yes, this is one of the problem "authoritative zones for local use".

Authorizing the /zone/ for local use wasn't the problem.  The problem 
was that the world could get some of that zone's data from the query 
cache even if they couldn't query the zone directly.

> The default root "hint" zone is only available for those who have 
> recursion available.

I feel like the "root hint zone" is considerably different than "root 
zone" proper.  The fact that they have different zone types seems to 
support that.

;-)

I bring this up as this is something that I've stubbed my toe on and I 
would like it if others can avoid similarly stubbing their toes.



-- 
Grant. . . .
unix || die
