[12548] in bugtraq


Re: your mail

daemon@ATHENA.MIT.EDU (Brian Wellington)
Fri Nov 12 12:49:11 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.9911111415130.18963-100000@spiral.gw.tislabs.com>
Date:         Thu, 11 Nov 1999 14:39:18 -0500
Reply-To: Brian Wellington <bwelling@TISLABS.COM>
From: Brian Wellington <bwelling@TISLABS.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <199911110238.DAA24292@sofuku.monster.org>

On Thu, 11 Nov 1999, Anonymous wrote:

> Ooh, those pesky NXT records.  Like I process those every day.
> Fascinating read in RFC 2535, but suppose I don't have any NXT
> records in my own zones, under what circumstances will my DNS server
> commit the sin of "the processing of NXT records"?  In other words,
> are all of us vulnerable (even caching-only name servers if so, I
> imagine!), or only people with NXT records?  This makes a big difference!

Caching-only servers are also vulnerable.  The NXT record is no different
than any other DNS record in this case.  If someone is able to make your
server fetch a maliciously-constructed NXT record, it will cause problems.
A query to a caching server will force the server to send a recursive
query, which makes the caching server vulnerable.

Brian
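
Added example, not part of the original post or of BIND: a caching-only server meets NXT records in the responses it fetches from upstream, so this sketch walks a captured DNS response and lists every NXT RR (type 30, RFC 2535) with a basic structural check on its RDATA. The function names and the sample message are constructed for illustration, and the check is a generic consistency test, not a signature for the specific flaw discussed in this thread.

```python
import struct

NXT = 30  # RR type code for NXT (RFC 2535)

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:                      # root label ends the name
            return off + 1
        if n & 0xC0 == 0xC0:            # compression pointer (2 bytes) ends the name
            return off + 2
        if n & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + n

def nxt_records(msg):
    """Return (section, rdlength, name_fits) for every NXT RR in a DNS message."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):                 # question entries: name + type + class
        off = skip_name(msg, off) + 4
    found = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("RDATA runs past end of message")
            if rtype == NXT:
                try:                    # next-domain name must end inside RDATA, before the bitmap
                    fits = skip_name(msg, off) < off + rdlen
                except ValueError:
                    fits = False
                found.append((section, rdlen, fits))
            off += rdlen
    return found

def sample(rdata, rtype=NXT):
    """Constructed response: one question and one answer for a.example."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x01a\x07example\x00" + struct.pack("!HH", rtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return header + question + answer

GOOD = b"\x01b\x07example\x00" + b"\x40\x00\x00\x02"   # next name + bitmap (A, NXT)
```

Run over responses captured on the resolver's upstream side, this shows whether NXT records are reaching a server that holds none in its own zones.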
