Re: [Dnsmasq-discuss] dnsmasq and NXNSAttack
I think it is not, since it does not handle delegation itself. It uses upstream resolvers to do that work for it. If upstream limits processed redirections, it should be ok. But that is just my personal opinion and might be wrong. Regards, Petr On 5/21/20 1:26 AM, Neal P. Murphy wrote: > Is dnsmasq vulnerable to NXNSAttack? > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dnsmasq and NXNSAttack
On Wed, May 20, 2020 at 07:26:22PM -0400, Neal P. Murphy wrote: > Is dnsmasq vulnerable to NXNSAttack? Text from http://www.nxnsattack.com/ The NXNSAttack is more effective than the NXDomain attack: i) It reaches an amplification factor of more than 1620x on the number of packets exchanged by the recursive resolver. ii) Besides the negative cache, the attack also saturates the ’NS’ resolver caches. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] dnsmasq and NXNSAttack
Is dnsmasq vulnerable to NXNSAttack? ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss