oss-sec mailing list archives
Re: PowerDNS Security Advisory 2014-02
From: Peter van Dijk <peter.van.dijk () netherlabs nl>
Date: Tue, 9 Dec 2014 09:30:50 +0100
Hello Hanno,

On 09 Dec 2014, at 9:22 , Hanno Böck <hanno () hboeck de> wrote:

> On Tue, 9 Dec 2014 08:16:20 +0100
> Peter van Dijk <peter.van.dijk () netherlabs nl> wrote:
>
>> Somebody asked me to (help him) check djbdns today, which we’ll do.
>> Any other implementations you are interested in? I have a lab setup
>> for this issue so I’m happy to check.
>
> I think dnsmasq would be interesting. Don't know which servers from
> the proprietary world may be worth investigating.

As far as I know, dnsmasq cannot actually recurse. Please let me know if I’m wrong, and I’ll test it.

>> I’m convinced the loop could involve unwilling victims (unless they
>> send responses that break the loop!), but I have not tried this in
>> practice.
>
> However that would be very interesting to know. DNS reflection
> attacks are a big thing, if they could be amplified with a loop on
> the resolver that'd almost certainly boost this issue to a whole new
> level.

I may test this later :)

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/