IETF Logo Mail Archive

RFC1535 on DNS Software Enhancements

"Joyce K. Reynolds" <jkrey@isi.edu> Wed, 06 October 1993 23:48 UTC

Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa15676; 6 Oct 93 19:48 EDT
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa25118; 6 Oct 93 19:48 EDT
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa15665; 6 Oct 93 19:48 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa15642; 6 Oct 93 19:46 EDT
Received: from zephyr.isi.edu by CNRI.Reston.VA.US id aa25101; 6 Oct 93 19:46 EDT
Received: from akamai.isi.edu by zephyr.isi.edu (5.65c/5.61+local-13) id <AA15290>; Wed, 6 Oct 1993 16:46:58 -0700
Message-Id: <199310062346.AA15290@zephyr.isi.edu>
To: IETF-Announce:;
Subject: RFC1535 on DNS Software Enhancements
Cc: jkrey@isi.edu
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
Date: Wed, 06 Oct 1993 16:46:56 -0700
Sender: ietf-announce-request@IETF.CNRI.Reston.VA.US
From: "Joyce K. Reynolds" <jkrey@isi.edu>

A new Request for Comments is now available in online RFC libraries.


        RFC 1535:

        Title:      A Security Problem and Proposed Correction
                    With Widely Deployed DNS Software
        Author:     E. Gavron
        Mailbox:    gavron@aces.com
        Pages:      5
        Characters: 9,722
        Updates/Obsoletes:  none


This document discusses a flaw in some of the currently distributed
name resolver clients.  The flaw exposes a security weakness related
to the search heuristic invoked by these same resolvers when users
provide a partial domain name, and which is easy to exploit (although
not by the masses).  This document points out the flaw, a case in
point, and a solution.

This memo provides information for the Internet community.  It does
not specify an Internet standard.  Distribution of this memo is
unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@CNRI.RESTON.VA.US.  Requests to be added
to or deleted from the RFC-DIST distribution list should be sent to
RFC-REQUEST@NIC.DDN.MIL.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to "rfc-info@ISI.EDU" with the message body 
"help: ways_to_get_rfcs".  For example:

	To: rfc-info@ISI.EDU
	Subject: getting rfcs

	help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to admin@DS.INTERNIC.NET.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@ISI.EDU.  Please consult RFC 1111, "Instructions to RFC
Authors", for further information.


Joyce K. Reynolds
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.
ftp://ds.internic.net/rfc/rfc1535.txt"><ftp://ds.internic.net/rfc/rfc1535.txt>

v2.23.0 | Report a Bug | By Email