XFR killed by security
Peter
pmc at citylink.dinoex.sub.org
Mon Mar 4 13:47:40 UTC 2024
Hi folks,
a few days ago I apparently lost the beneficence of my zone feeds,
and XFR started to get into timeout.
Looking at the usual culprits I then found this:
DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm
14) - Possible CVE-2023-50387 Activity
[Classification: Detection of a Denial of Service Attack]
{TCP} 192.0.47.132:53 -> <me>
I don't find it really surprizing that XFR would contain "multiple
RRSIG entries". But, according to the strategy ("shoot first, ask when
the corpses stack to the ceiling"), this thing just kills the transfers.
So, what is it about? Is it something serious?
cheerio,
PMc
More information about the bind-users
mailing list