[DNSOP] Wildcard junk vs NXDOMAIN junk
"John R. Levine" <johnl@iecc.com> Thu, 07 April 2022 16:50 UTC
Date: Thu, 07 Apr 2022 12:50:28 -0400
Message-ID: <9355318d-a779-400f-9e3b-27b53fa3e9bf@iecc.com>
From: "John R. Levine" <johnl@iecc.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/H1ZmWdLKuATym2FLBT-pfOtxPVw>
A friend of mine asserts that wildcard DNS records are a problem because hostile clients can use them to fill up DNS caches with junk answers to random queries that match a wildcard. But it seems to me that you can do it just as well with random queries that match nothing and fill up the cache with NXDOMAIN junk answers. Am I missing something here?

If you add DNSSEC, with or without RFC 8198 response synthesis, the details change but I don't think the answer does; it's about the same either way.

I can see attacks where you might use URLs with wildcard names to fill web caches with junk pages (see https://www.web.sp.am/) but that's different.

Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
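The symmetry the post describes, as an added toy model that is not part of the original message or of any real resolver: a constructed two-name signed zone (example.test and www.example.test), built once with and once without a wildcard, is hit with distinct random-label queries by a toy cache that either keeps one entry per qname (classic behaviour) or synthesizes answers from cached NSEC records as RFC 8198 permits. The zone, its names and the simplified single-NSEC proofs are assumptions of the model.

```python
import random

def canon(name):  # canonical DNS order (RFC 4034 s6.1, simplified): labels right-to-left, case-folded
    return [l.lower() for l in name.rstrip(".").split(".")][::-1]

def covers(owner, nxt, apex, qname):  # NSEC 'owner -> nxt' proves qname absent; the last NSEC wraps to apex
    k = canon(qname)
    return canon(owner) < k and (k < canon(nxt) or nxt == apex)

class Zone:  # constructed toy signed zone: its names, NSEC chain, and whether '*.apex' exists
    def __init__(self, apex, names, wildcard):
        self.apex = apex
        self.names = sorted({apex, *names} | ({"*." + apex} if wildcard else set()), key=canon)
        self.nsecs = list(zip(self.names, self.names[1:] + self.names[:1]))  # (owner, next) pairs
    def nsec(self, qname):  # the NSEC whose range covers qname
        return next((r for r in self.nsecs if covers(*r, self.apex, qname)), None)
    def answer(self, qname):  # authoritative reply: (rcode, owner of the answering RRset, covering NSEC)
        if qname in self.names: return ("NOERROR", qname, None)
        if "*." + self.apex in self.names:  # wildcard expansion; the NSEC proves no closer match exists
            return ("NOERROR", "*." + self.apex, self.nsec(qname))
        return ("NXDOMAIN", None, self.nsec(qname))

class Resolver:  # toy cache; aggressive=True models RFC 8198 synthesis from cached NSEC (and wildcard, s5.3)
    def __init__(self, zone, aggressive):
        self.zone, self.aggressive, self.upstream = zone, aggressive, 0
        self.cache = {}  # qname or NSEC (owner, next) -> cached answer; one entry per RRset or NSEC
    def proves_absent(self, name):
        return any(covers(*k, self.zone.apex, name) for k in self.cache if isinstance(k, tuple))
    def resolve(self, qname):
        if qname in self.cache: return self.cache[qname]
        wc = "*." + self.zone.apex
        if self.aggressive and self.proves_absent(qname):
            if wc in self.cache: return "NOERROR"      # synthesize the wildcard answer; cache stays as is
            if self.proves_absent(wc): return "NXDOMAIN"  # NXDOMAIN also needs proof that no wildcard exists
        self.upstream += 1
        rcode, owner, nsec = self.zone.answer(qname)
        if self.aggressive:             # store the RRset under its real owner, plus the NSEC
            if owner: self.cache[owner] = rcode
            if nsec: self.cache[nsec] = "NXDOMAIN"
        else:                           # classic cache: one entry per distinct qname, positive or negative
            self.cache[qname] = rcode
        return rcode

def flood(zone, aggressive, n, seed=1):  # n distinct random-label queries -> (cache entries, upstream queries)
    rng, r = random.Random(seed), Resolver(zone, aggressive)
    for i in range(n):  # constructed workload: random first letter so names land on both sides of 'www'
        r.resolve(f"{rng.choice('abcdefghijklmnopqrstuvwxyz')}{i:05d}.{zone.apex}")
    return len(r.cache), r.upstream

WILD, PLAIN = Zone("example.test", ["www.example.test"], True), Zone("example.test", ["www.example.test"], False)
```

In classic mode both zones cost one cache entry and one upstream query per distinct name; with aggressive NSEC use both collapse to the two NSEC ranges (plus the wildcard RRset itself), so the wildcard changes the details but not the outcome.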