[dns-operations] "NS .", the attack of the month?

Stephane Bortzmeyer bortzmeyer at nic.fr
Sat Jan 24 22:45:22 UTC 2009


On Sun, Jan 25, 2009 at 08:39:27AM +1000,
 Noel Butler <noel.butler at ausics.net> wrote 
 a message of 65 lines which said:

> iptables -A INPUT -p udp --dport 53 -m u32 --u32
> "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001" -j DROP

Cute :-) I hesitate to deploy a trick that I have trouble
verifying. Isn't it better to just follow the recommendations in
<https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful>?
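
One way to verify what the quoted `--u32` expression matches, as an added example that is not part of the original message or of the quoted post: a small Python evaluator run over constructed IPv4/UDP/DNS packets. It implements only the u32 operators `&`, `<<`, `>>` and `@` (jump by the computed value), and the names `u32_match`, `eval_location` and `dns_query` are illustrative. The three tests read QDCOUNT = 1, a first QNAME byte of 0 (the root name) and QTYPE/QCLASS = NS/IN.

```python
import re
import struct

# The --u32 expression from the quoted rule.
RULE = "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"

def read32(pkt, off):
    """Big-endian 32-bit read, or None if it would run past the packet."""
    return struct.unpack_from("!I", pkt, off)[0] if off + 4 <= len(pkt) else None

def eval_location(loc, pkt):
    """One u32 location: a start offset, then &, <<, >>, @ applied left to right."""
    tokens = re.findall(r"<<|>>|&|@|0[xX][0-9a-fA-F]+|\d+", loc)
    base, val = 0, read32(pkt, int(tokens[0], 0))
    for op, num in zip(tokens[1::2], tokens[2::2]):
        if val is None:
            return None
        n = int(num, 0)
        if op == "&":
            val &= n
        elif op == ">>":
            val >>= n
        elif op == "<<":
            val = (val << n) & 0xFFFFFFFF
        else:  # "@": move the base forward by the current value, read 4 bytes at base+n
            base += val
            val = read32(pkt, base + n)
    return val

def u32_match(expr, pkt):
    """True when every &&-joined 'location=value' test holds for the packet."""
    return all(eval_location(loc, pkt) == int(want, 0)
               for loc, want in (t.split("=") for t in expr.split("&&")))

def dns_query(qname_wire, qtype, ihl_words=5):
    """Constructed IPv4/UDP/DNS query, class IN (checksums left at 0; the rule never reads them)."""
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname_wire + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 4 * ihl_words + len(udp), 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + b"\x01" * (4 * (ihl_words - 5)) + udp  # pad with NOP options when IHL > 5

if __name__ == "__main__":
    samples = {"root NS": dns_query(b"\x00", 2), "root NS, IHL=6": dns_query(b"\x00", 2, 6),
               "root A": dns_query(b"\x00", 1), "example.com NS": dns_query(b"\x07example\x03com\x00", 2)}
    for name, pkt in samples.items():
        print(f"{name:16} -> {'DROP' if u32_match(RULE, pkt) else 'pass'}")
```

The expression never reads the DNS flags word, so it does not distinguish queries from responses; only the `--dport 53` part of the rule narrows that.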

