funsec mailing list archives

Re: ICANN 2005 DNS Security Workshop


From: Valdis.Kletnieks () vt edu
Date: Sun, 29 Jun 2008 02:29:46 -0400

On Sat, 28 Jun 2008 22:09:52 CDT, Randy said:
> Where did it go wrong?

For starters, consider all the unclued DNS operators that think that TCP/53 is
*only* used for zone transfers, so they block it.  When they get a query from a
user that recurses to a DNSSEC entry that doesn't fit in 512 bytes, they get
back a 'truncated' reply. Their DNS resolver then retries on TCP and gets hosed
by the firewall.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
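
The failure described in the message above, as an added example that is not part of the original post: a resolver sends its query over UDP, sees the TC (truncated) bit, retries over TCP, and fails when TCP/53 is filtered. The function names, the transports standing in for the network, and the sample messages are all constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(name, qtype=48, txid=0x1234):
    """Encode a minimal DNS query (qtype 48 = DNSKEY) with the RD bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def is_truncated(msg):
    """True when the response header has the TC bit set."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & TC_FLAG)

def resolve(query, udp_send, tcp_send):
    """UDP first; if the reply is truncated, retry the same query on TCP."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return ("udp", reply)
    try:
        return ("tcp", tcp_send(query))
    except OSError as exc:  # drop or reset on TCP/53 surfaces here
        return ("failed", str(exc))

# --- constructed transports (hypothetical, no real network I/O) ---
def udp_truncated(query):
    # Reply with QR=1, TC=1, RD=1 and no answers: the data did not fit in 512 bytes.
    return query[:2] + struct.pack("!H", 0x8000 | TC_FLAG | 0x0100) + query[4:]

def tcp_open(query):
    # Reply with TC clear, ANCOUNT=1 and a 600-byte placeholder for the records.
    return query[:2] + struct.pack("!3H", 0x8180, 1, 1) + query[8:] + b"\x00" * 600

def tcp_blocked(query):
    # What the resolver sees when a firewall filters TCP/53.
    raise TimeoutError("TCP/53 filtered")

if __name__ == "__main__":
    q = build_query("example.com")
    print(resolve(q, udp_truncated, tcp_open)[0])     # TCP/53 allowed
    print(resolve(q, udp_truncated, tcp_blocked))     # TCP/53 blocked
```
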
