Date: Tue, 9 Dec 2014 09:30:50 +0100 From: Peter van Dijk <peter.van.dijk@...herlabs.nl> To: oss-security@...ts.openwall.com Subject: Re: PowerDNS Security Advisory 2014-02 Hello Hanno, On 09 Dec 2014, at 9:22 , Hanno Böck <hanno@...eck.de> wrote: > On Tue, 9 Dec 2014 08:16:20 +0100 > Peter van Dijk <peter.van.dijk@...herlabs.nl> wrote: > >> Somebody asked me to (help him) check djbdns today, which we’ll do. >> Any other implementations you are interested in? I have a lab setup >> for this issue so I’m happy to check. > > I think dnsmasq would be interesting. Don't know which servers from the > proprietary world may be worth investigating. As far as I know, dnsmasq cannot actually recurse. Please let me know if I’m wrong, and I’ll test it. >> I’m convinced the loop could involve unwilling victims (unless they >> send responses that break the loop!), but I have not tried this in >> practice. > > However that would be very interesting to know. DNS reflection attacks > are a big thing, if they could be amplified with a loop on the resolver > that'd almost certainly boost this issue to a whole new level. I may test this later :) Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.