[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Geoffrey Sisson geoff at panix.com
Wed Jul 30 00:10:38 UTC 2008


vixie at isc.org (Paul Vixie) wrote:

> (noting that dave presotto told me he has changed "l.google.com" to stop
> stripping the 0x20 bits, which was the only truly scary outlier for 0x20.)

Sometime in the last few hours [a-h].l.google.com began stripping
0x20 from replies again:

------------------------ Begin included text ------------------------
; <<>> DiG 9.5.1b1 <<>> @a.l.google.com. wwW.L.GoOgLe.Com.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14314
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.l.google.com.              IN      A

;; ANSWER SECTION:
www.l.google.com.       300     IN      A       74.125.19.104
www.l.google.com.       300     IN      A       74.125.19.99
www.l.google.com.       300     IN      A       74.125.19.103
www.l.google.com.       300     IN      A       74.125.19.147

;; Query time: 48 msec
;; SERVER: 209.85.139.9#53(209.85.139.9)
;; WHEN: Tue Jul 29 17:02:59 2008
;; MSG SIZE  rcvd: 98
------------------------- End included text -------------------------

They had been fine previously.

Geoff



More information about the dns-operations mailing list