oss-sec mailing list archives
Malicious primary DNS servers can crash secondaries
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 6 Jul 2016 12:10:19 +0200
It turns out that most DNS server implementations do not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server.
Some references:

https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790

PowerDNS is reportedly affected as well, but I did not find a public bug for this issue.
Florian
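
Added example, not part of the original post and not code from any of the projects referenced: a secondary-side cap on an incoming zone transfer, enforced while the TCP-framed DNS messages are read. The names receive_transfer and ZoneTooLarge and the cap values are hypothetical, and the code assumes the transfer ends at end of stream, where a real secondary stops at the closing SOA record.

```python
import io
import struct

class ZoneTooLarge(Exception):
    """Incoming transfer exceeded the configured cap."""

def read_exact(stream, n):
    data = stream.read(n)
    if len(data) != n:
        raise EOFError("truncated transfer stream")
    return data

def receive_transfer(stream, max_bytes, max_records):
    """Read length-prefixed DNS messages (TCP framing) until EOF and return
    (bytes, records) accepted; raise ZoneTooLarge once a cap is passed."""
    total_bytes = total_records = 0
    while True:
        prefix = stream.read(2)
        if not prefix:                      # clean end of stream
            return total_bytes, total_records
        if len(prefix) != 2:
            raise EOFError("truncated length prefix")
        (length,) = struct.unpack("!H", prefix)
        if length < 12:
            raise ValueError("message shorter than a DNS header")
        # Check the byte cap before reading the body, so nothing over
        # budget is ever buffered. This cap is what bounds memory use.
        total_bytes += length
        if total_bytes > max_bytes:
            raise ZoneTooLarge(f"{total_bytes} bytes > cap {max_bytes}")
        message = read_exact(stream, length)
        # Header fields: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
        ancount = struct.unpack("!6H", message[:12])[3]
        total_records += ancount
        if total_records > max_records:
            raise ZoneTooLarge(f"{total_records} records > cap {max_records}")

def make_message(ancount, body_len):
    """Constructed sample: valid header, zero-filled body (not real RRs)."""
    header = struct.pack("!6H", 0x1234, 0x8400, 0, ancount, 0, 0)
    body = header + bytes(body_len)
    return struct.pack("!H", len(body)) + body

def sample_stream(messages=3):
    return io.BytesIO(b"".join(make_message(10, 100) for _ in range(messages)))

if __name__ == "__main__":
    print(receive_transfer(sample_stream(), max_bytes=1000, max_records=100))
```

Aborting one oversized transfer this way leaves the other zones hosted on the same secondary unaffected, which is the failure the post describes.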