20 May
2020
20 May
'20
10:29 p.m.
Hi Geoff On Thu, May 21, 2020 at 05:49:43AM +1000, Geoff Huston wrote:
This is not a “newly discovered vulnerability. This was presented at DNS OARC 21 by Florian Maury in 2015 https://indico.dns-oarc.net/event/21/contributions/301/attachments/272/492/s..., and also details the fixes applied to resolvers at the time.
As Florian also points out the generic vulnerability of unbounded work flows was identified by Dr Paul Mockapetris in RFC1034 in 1987.
This one is along similar lines but different. This attack bypassed the limits on recursion and indirection that were added by the previous one. Mukund