One last bit of wondering I have is about this paragraph from Security
Considerations:
"This method can be abused by intentionally deploying broken zones
with agent domains that are delegated to victims. This is
particularly effective when DNS requests that trigger error
messages are sent through open resolvers [RFC8499] or widely
distributed network monitoring systems that perform distributed
queries from around the globe."
Is this a novel risk presented by the proposal? Any more than, say, a
random subdomain attack targeted directly at the agent domain?
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop