On Jun 25, 2020, at 16:07, Robert Edmonds <[email protected]> wrote:

> This seems like a description of a resolver implementation vulnerable to
> the infamous VU#457875. Perhaps an update to the standards track RFC
> 5452 ("Measures for Making DNS More Resilient against Forged Answers")
> would be more appropriate than a new document? That document mentions
> the security problem caused by having multiple outstanding queries for
> the same question but doesn't clearly state a requirement to
> de-duplicate, perhaps because that mitigation was already very common in
> resolver implementations at the time the document was published.

This puzzled me too. Isn’t this a long-solved problem? But apparently not, if
this is now showing up as it apparently does.

It would be interesting to know which DNS implementations are failing here.

Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
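
The de-duplication mitigation mentioned in the quoted message, sketched as an added example that is not part of either post or of any resolver's code. The class `InflightTable` and its method names are hypothetical, and the client names and query are constructed sample input.

```python
import secrets

class InflightTable:
    """Hypothetical in-flight table: identical questions share ONE upstream query,
    so a forger has one transaction ID to guess instead of many."""

    def __init__(self):
        self._pending = {}  # question key -> {"id": int, "waiters": [client, ...]}

    @staticmethod
    def key(qname, qtype, qclass="IN"):
        # DNS names compare case-insensitively; ignore the trailing root dot.
        return (qname.rstrip(".").lower(), qtype.upper(), qclass.upper())

    def ask(self, client, qname, qtype, qclass="IN"):
        """Return True if a new upstream query must be sent, False if coalesced."""
        k = self.key(qname, qtype, qclass)
        entry = self._pending.get(k)
        if entry is not None:
            entry["waiters"].append(client)  # join the existing query
            return False
        self._pending[k] = {"id": secrets.randbelow(1 << 16), "waiters": [client]}
        return True

    def pending_id(self, qname, qtype, qclass="IN"):
        return self._pending[self.key(qname, qtype, qclass)]["id"]

    def outstanding(self):
        return len(self._pending)

    def answer(self, qname, qtype, txid, qclass="IN"):
        """Return the waiting clients if the response matches the pending ID.
        A real resolver also matches the server address and port."""
        k = self.key(qname, qtype, qclass)
        entry = self._pending.get(k)
        if entry is None or entry["id"] != txid:
            return []  # unsolicited or mismatched response: drop it
        del self._pending[k]
        return entry["waiters"]

if __name__ == "__main__":
    table = InflightTable()
    # Constructed sample: three clients ask the same question at once.
    for client in ("client-a", "client-b", "client-c"):
        sent = table.ask(client, "WWW.Example.com.", "a")
        print(client, "-> new upstream query" if sent else "-> coalesced")
    print("outstanding upstream queries:", table.outstanding())
```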
