W.C.A. Wijngaards wrote:
> Harden-glue when turned off allows potentially poisonous records in
> the cache in the hopes of that enabling DNS resolution for 'impossible
> to resolve' domains, it is fixed to have 'less cache poisoning',
> quotes added because it is by definition not secure to turn off
> harden-glue.

Hi, Wouter:

Reading this text from doc/requirements.txt is alarming:

    The server can be spoofed by getting it to visit a especially
    prepared domain. This domain then inserts an address for another
    authoritative server into the cache, when visiting that other
    domain, this address may then be used to send queries to. And fake
    answers may be returned.

(Also, I think "rfc2182 trust handling" should say "rfc2181 trust
handling".)

Is this really something that should be a configurable mode in the
daemon? It sounds not just insecure, but unsafe to turn off. Maybe the
number of users that the configurable helps is outweighed by the number
of users harmed by inadvertently toggling it?

Do you have any "impossible to resolve" examples that "harden-glue: off"
helps to resolve?

-- 
Robert Edmonds
[email protected]
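
The cache insertion described in the doc/requirements.txt text quoted above, as an added Python sketch that is not part of the original message and is not Unbound's code. It assumes the hardening amounts to an in-bailiwick filter on a referral's address records; the function names, record tuples, and sample names and addresses are constructed for illustration.

```python
# Added illustration: a simplified model of a glue bailiwick check.
# It is not Unbound's implementation; names and data are constructed.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(name, zone):
    """True if name is the zone apex or below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_glue(zone, additional, harden_glue=True):
    """Split a referral's address records into (cacheable, dropped).

    zone       -- zone the answering server was asked about
    additional -- (owner, rtype, address) tuples from the additional section
    """
    cacheable, dropped = [], []
    for owner, rtype, address in additional:
        if rtype not in ("A", "AAAA"):
            continue  # only address records act as glue
        if harden_glue and not in_bailiwick(owner, zone):
            dropped.append((owner, rtype, address))
        else:
            cacheable.append((owner, rtype, address))
    return cacheable, dropped

# Constructed referral from the server for a "prepared" domain.
ZONE = "prepared.example."
ADDITIONAL = [
    ("ns1.prepared.example.", "A", "192.0.2.10"),       # legitimate glue
    ("ns1.other.test.", "A", "203.0.113.66"),           # address for another zone's server
    ("ns1.notprepared.example.", "A", "203.0.113.67"),  # suffix match only, not a subdomain
]

if __name__ == "__main__":
    for mode in (True, False):
        kept, dropped = filter_glue(ZONE, ADDITIONAL, harden_glue=mode)
        print("harden_glue =", mode)
        for rec in kept:
            print("  cache:", rec)
        for rec in dropped:
            print("  drop: ", rec)
```

With the check disabled, the record for `ns1.other.test.` lands in the cache, which is the situation the quoted text warns about. The third record shows why the comparison is done on labels rather than on a string suffix.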
