[DNSOP] Security concerns for DNS-RR (Internet Draft)

Stanislav Dashevskyi <stanislav.dashevskyi@forescout.com> Tue, 04 May 2021 11:56 UTC

From: Stanislav Dashevskyi <stanislav.dashevskyi@forescout.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
CC: Daniel dos Santos <daniel.dossantos@forescout.com>, Elisa Costante <elisa.costante@forescout.com>, Amine Amri <amine.amri@forescout.com>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/y_wtoNwl2jRcoqOBgTOu3KJ9SE4>

Dear DNSOP community,

I would like to introduce an informational draft by Forescout Research Labs. The
draft discusses common implementation flaws in DNS clients that lead to security
vulnerabilities. This draft stems from a set of vulnerabilities found during our
research
(https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/).

Initially we planned this as an Independent Stream submission, but Mr. Farrel (the Editor)
suggested that posting here may be more appropriate.

We would appreciate any feedback; the draft can be found here:

    https://datatracker.ietf.org/doc/draft-dashevskyi-dnsrr-antipatterns/

We would also like to take this opportunity to ask you some questions:

    - What else could we say in this draft that would be of value?

    - Are there any additional vulnerabilities relevant to this draft
      that can be added?

    - What should be done with this draft? (e.g., should it remain as an
      Independent Stream publication?)

Kind regards,
Stanislav Dashevskyi
Researcher
Forescout Technologies, Inc.
stanislav.dashevskyi@forescout.com
www.forescout.com
