Bugtraq mailing list archives
Re: your mail
From: bwelling () TISLABS COM (Brian Wellington)
Date: Thu, 11 Nov 1999 14:39:18 -0500
On Thu, 11 Nov 1999, Anonymous wrote:
Ooh, those pesky NXT records. Like I process those every day. Fascinating read in RFC 2535, but suppose I don't have any NXT records in my own zones, under what circumstances will my DNS server commit the sin of "the processing of NXT records"? In other words, are all of us vulnerable (even caching-only name servers if so, I imagine!), or only people with NXT records? This makes a big difference!
Caching-only servers are also vulnerable. The NXT record is no different that any other DNS record in this case. If someone is able to make your server fetch a maliciously-constructed NXT record, it will cause problems. A query to a caching server will force the server to send a recursive query, which makes the caching server vulnerable. Brian
Current thread:
- (no subject) Anonymous (Nov 10)
- (no subject) David R. Conrad (Nov 11)
- Re: CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND Solar Designer (Nov 12)
- Buffer overflow exploit in the alpha linux Taeho Oh (Nov 13)
- Re: Buffer overflow exploit in the alpha linux Lamont Granquist (Nov 15)
- Re: your mail Brian Wellington (Nov 11)
- Re: your mail Alan Brown (Nov 12)
- [ Cobalt ] Security Advisory - Bind Jeff Bilicki (Nov 12)
- Microsoft Security Bulletin (MS99-049) Aleph One (Nov 12)
- Re: your mail Alain Thivillon (Nov 11)
- [w00giving '99 #3, w00news] UnixWare 7's /var/sadm Matt Conover (Nov 11)
- Re: your mail Firstname Lastname (Nov 12)
- (no subject) David R. Conrad (Nov 11)