[Unbound-users] reddit.com issue
jelte.jansen at sidn.nl
Mon Aug 25 14:02:21 UTC 2014
On 08/25/2014 03:24 PM, Dave Duchscher wrote:
> Cloudflare's response:
>> Hey there,
>> Because the DNS query "http://reddit.com" is technically not valid (since DNS queries should not contain the protocol URI), CloudFlare's DNS servers will not respond to them.
>> Since these kinds of invalid queries don't get this far in the normal DNS system (since they get dropped at the root servers)
>> Let us know if you need any other help
Wow. Not only is that answer wrong, that approach makes these zones easy
to DoS on a number of resolvers.
Worse, as someone on IRC just commented, it also makes it much, much
easier to do Kaminsky-style attacks on those zones.