mitigate NXNSAttack protocol vulnerability for wildcards in victim zone
An attacker might generate fake NS records pointing to the victim's DNS zone. If the zone contains a wildcard, the attacker might force us into a packet exchange with a (lame) DNS server on that IP address. We now limit the number of consecutive failures and kill the whole request if the limit is exceeded.
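The mitigation described in the commit message, sketched as an added example (not code from this commit or project): a per-request counter of consecutive failed upstream exchanges that ends the request once a limit is exceeded. The limit value and all names (`MAX_CONSECUTIVE_FAILURES`, `struct request`, `record_outcome`, `resolve_with_budget`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical limit; the commit message does not state the real value. */
#define MAX_CONSECUTIVE_FAILURES 3

enum req_state { REQ_RUNNING, REQ_KILLED };

struct request {
    unsigned consecutive_failures; /* reset by any useful answer */
    unsigned packets_sent;         /* upstream queries spent on this request */
    enum req_state state;
};

/* Account for one upstream exchange; kill the request once the limit is exceeded. */
static enum req_state record_outcome(struct request *req, bool useful_answer)
{
    if (req->state != REQ_RUNNING)
        return req->state;
    req->packets_sent++;
    if (useful_answer)
        req->consecutive_failures = 0;
    else if (++req->consecutive_failures > MAX_CONSECUTIVE_FAILURES)
        req->state = REQ_KILLED;
    return req->state;
}

/* Try a list of NS targets in order; lame[i] is true when target i gives no
 * useful answer. Returns how many packets were sent before the request
 * finished or was killed. */
static unsigned resolve_with_budget(const bool *lame, size_t n, enum req_state *out)
{
    struct request req = { 0, 0, REQ_RUNNING };
    for (size_t i = 0; i < n && req.state == REQ_RUNNING; i++)
        record_outcome(&req, !lame[i]);
    *out = req.state;
    return req.packets_sent;
}

int main(void)
{
    /* Constructed input: 20 fake NS names that all land on a lame server. */
    bool lame[20];
    for (size_t i = 0; i < 20; i++) lame[i] = true;
    enum req_state st;
    unsigned sent = resolve_with_budget(lame, 20, &st);
    printf("sent=%u killed=%d\n", sent, st == REQ_KILLED);
    return 0;
}
```

Without the counter, the 20 constructed targets would cost 20 exchanges with the victim's server; with it, the request stops after the limit is exceeded.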