[Unbound-users] reddit.com issue
Jelte Jansen
jelte.jansen at sidn.nl
Mon Aug 25 14:02:21 UTC 2014
On 08/25/2014 03:24 PM, Dave Duchscher wrote:
>
> Cloudflare's response:
>
>> Hey there,
>>
>> Because the DNS query "http://reddit.com" is technically not valid (since DNS queries should not contain the protocol URI), CloudFlare's DNS servers will not respond to them.
>>
>> Since these kinds of invalid queries don't get this far in the normal DNS system (since they get dropped at the root servers)
>>
>> Let us know if you need any other help
>> Thanks
>
>
> *sigh*
>
Wow. Not only is that answer wrong, that approach makes these zones easy
to DoS on a number of resolvers.
Worse, as someone on IRC just commented, it also makes it much, much
easier to do Kaminsky-style attacks on those zones.
Jelte