Re: your mail

From: Brian Wellington (bwellingat_private)
Date: Thu Nov 11 1999 - 11:39:18 PST

Next message: Alain Thivillon: "Re: your mail"

Previous message: Bill Nottingham: "[RHSA-1999:054-01] Security problems in bind"
Next in thread: Alain Thivillon: "Re: your mail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 11 Nov 1999, Anonymous wrote:

> Ooh, those pesky NXT records.  Like I process those every day.
> Fascinating read in RFC 2535, but suppose I don't have any NXT
> records in my own zones, under what circumstances will my DNS server
> commit the sin of "the processing of NXT records"?  In other words,
> are all of us vulnerable (even caching-only name servers if so, I
> imagine!), or only people with NXT records?  This makes a big difference!

Caching-only servers are also vulnerable.  The NXT record is no different
that any other DNS record in this case.  If someone is able to make your
server fetch a maliciously-constructed NXT record, it will cause problems.
A query to a caching server will force the server to send a recursive
query, which makes the caching server vulnerable.

Brian

Next message: Alain Thivillon: "Re: your mail"
Previous message: Bill Nottingham: "[RHSA-1999:054-01] Security problems in bind"
Next in thread: Alain Thivillon: "Re: your mail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:25 PDT