Skip to content
Snippets Groups Projects
Verified Commit ba7b89db authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Petr Špaček
Browse files

mitigate NXNSAttack protocol vulnerability for wildcards in victim zone

Attacker might generate fake NS records pointing to victim's DNS zone.
If the zone contains wildcard the attacker might force us into packet
exchange with a (lame) DNS server on that IP address.

We now limit number of consecuctive failures and kill whole request if
limit is exceeded.
parent 54f05e4d
Branches
Tags
1 merge request!1003NXNSAttack mitigation
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment