Re: [DNSOP] Wildcard junk vs NXDOMAIN junk

Patrik Fältström <paf@frobbit.se> Thu, 07 April 2022 20:49 UTC

From: Patrik Fältström <paf@frobbit.se>
To: "John R. Levine" <johnl@iecc.com>
Cc: WG <dnsop@ietf.org>
Date: Thu, 07 Apr 2022 22:49:05 +0200
Message-ID: <EDD787D3-0D30-436E-A46D-DAE157CD4FF4@frobbit.se>
In-Reply-To: <9355318d-a779-400f-9e3b-27b53fa3e9bf@iecc.com>
References: <9355318d-a779-400f-9e3b-27b53fa3e9bf@iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NvZ1QRJz1G2WT-j-ZEdQshDvnqY>
Subject: Re: [DNSOP] Wildcard junk vs NXDOMAIN junk

On 7 Apr 2022, at 18:50, John R. Levine wrote:

> A friend of mine asserts that wildcard DNS records are a problem because hostile clients can use them to fill up DNS caches with junk answers to random queries that match a wildcard.  But it seems to me that you can do it just as well with random queries that match nothing and fill up the cache with NXDOMAIN junk answers.  Am I missing something here?

I don't think so, apart from of course that the TTL of the cached data might be different depending on whether the query matches something or not.

   Patrik

> If you add DNSSEC, with or without RFC 8198 response synthesis, the details change but I don't think the answer does, it's about the same either way.
>
> I can see attacks where you might use URLs with wildcard names to fill web caches with junk pages (see https://www.web.sp.am/) but that's different.
>
> Regards,
> John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
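The point about TTL is easy to see with a toy resolver cache fed random-subdomain queries. The following is an added example, not code from the thread or from any resolver: it models three cases side by side, a zone with no wildcard (each random name yields an NXDOMAIN cached for min(SOA MINIMUM, SOA TTL) per RFC 2308), a zone with a wildcard (each random name yields a positive answer cached for the wildcard RR's own TTL), and a signed zone queried by a resolver doing RFC 8198 aggressive NSEC use (one cache entry per NSEC interval, random names inside that interval answered from it). The zone names, TTLs, query rate and the canonical-ordering helper are all constructed for illustration and simplified (ASCII labels only, single NSEC chain, no NSEC3).

```python
"""Toy resolver cache under a random-subdomain query stream (added example).

Cases compared:
  1. unsigned zone, no wildcard   -> NXDOMAIN per name, negative TTL (RFC 2308 s.5)
  2. unsigned zone with *.example -> NOERROR per name, wildcard RR TTL
  3. signed zone, aggressive NSEC -> one entry per NSEC interval (RFC 8198)
All names, TTLs and rates below are made up for the demonstration.
"""
import random
from dataclasses import dataclass
from typing import Optional


def canon(name: str):
    """Sort key approximating RFC 4034 s.6.1 canonical order for ASCII names:
    labels compared right to left, case-folded."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))


@dataclass
class Zone:
    origin: str
    names: list                  # owner names that exist, apex included
    soa_ttl: int                 # TTL of the SOA RR
    soa_minimum: int             # MINIMUM field of the SOA RDATA
    wildcard_ttl: Optional[int] = None   # TTL of *.origin, None if absent
    signed: bool = False

    def negative_ttl(self) -> int:
        # RFC 2308 s.5: negative answers are cached for min(SOA MINIMUM, SOA TTL)
        return min(self.soa_minimum, self.soa_ttl)

    def nsec_interval(self, qname: str):
        """(owner, next) of the NSEC record proving qname does not exist."""
        chain = sorted(self.names, key=canon)
        q = canon(qname)
        prev = chain[-1]
        for n in chain:
            if canon(n) > q:
                return prev, n
            prev = n
        return prev, chain[0]    # last NSEC wraps back to the apex


class Cache:
    """Minimal cache: key -> absolute expiry time (seconds)."""
    def __init__(self):
        self.entries = {}

    def hit(self, key, now) -> bool:
        exp = self.entries.get(key)
        return exp is not None and exp > now

    def put(self, key, ttl, now):
        self.entries[key] = now + ttl

    def expire(self, now):
        self.entries = {k: e for k, e in self.entries.items() if e > now}


def resolve(zone: Zone, qname: str, cache: Cache, now: int, aggressive_nsec: bool):
    """Answer one query, inserting a cache entry only on a miss.
    Returns (rcode, answered_from_cache)."""
    if aggressive_nsec and zone.signed and zone.wildcard_ttl is None:
        # RFC 8198: the cached NSEC covering the name proves NXDOMAIN for every
        # name in its interval, so the cache key is the interval, not the qname.
        key, ttl, rcode = zone.nsec_interval(qname), zone.negative_ttl(), "NXDOMAIN"
    elif zone.wildcard_ttl is not None:
        key, ttl, rcode = qname, zone.wildcard_ttl, "NOERROR"   # wildcard-synthesized
    else:
        key, ttl, rcode = qname, zone.negative_ttl(), "NXDOMAIN"
    if cache.hit(key, now):
        return rcode, True
    cache.put(key, ttl, now)
    return rcode, False


def simulate(zone: Zone, qps: int, seconds: int, aggressive_nsec: bool = False, seed: int = 1) -> int:
    """Send `qps` random-label queries per second for `seconds`; return the
    number of live cache entries at the end (roughly qps * min(TTL, seconds))."""
    rng = random.Random(seed)
    cache = Cache()
    for now in range(seconds):
        cache.expire(now)
        for _ in range(qps):
            qname = "%016x.%s" % (rng.getrandbits(64), zone.origin)  # attacker-chosen junk label
            resolve(zone, qname, cache, now, aggressive_nsec)
    return len(cache.entries)


# Constructed zones: same SOA values, differing only in wildcard / signing.
NAMES = ["example.", "api.example.", "ns1.example.", "www.example."]
NO_WILDCARD = Zone("example.", NAMES, soa_ttl=3600, soa_minimum=300)
WILDCARD = Zone("example.", NAMES + ["*.example."], soa_ttl=3600, soa_minimum=300, wildcard_ttl=86400)
SIGNED = Zone("example.", NAMES, soa_ttl=3600, soa_minimum=300, signed=True)

if __name__ == "__main__":
    print("no wildcard, 10 qps for 600 s:", simulate(NO_WILDCARD, 10, 600))
    print("wildcard,    10 qps for 600 s:", simulate(WILDCARD, 10, 600))
    print("signed + RFC 8198 aggressive NSEC:", simulate(SIGNED, 10, 600, aggressive_nsec=True))
```

With the constructed values the first two cases insert one entry per query either way; what differs is how long each entry lives, so the steady-state footprint is about query rate times TTL (300 s negative TTL versus an 86400 s wildcard TTL here). In the aggressive-NSEC case the random labels all fall into two NSEC intervals of this small zone, so the cache holds two entries however many junk names are sent; RFC 8198 section 5.3 lets a validating resolver treat a signed wildcard the same way, synthesizing from the cached wildcard RRset plus the NSEC that proves no closer match.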