[dns-operations] DNS Security Advisory (infinite recursion)

Tony Finch dot at dotat.at
Tue Dec 9 10:43:43 UTC 2014

I just saw this bit in RFC 1034 page 34/35

Step 2 looks for a name server to ask for the required data.  [...] Set up
their addresses using local data.  It may be the case that the addresses
are not available.  The resolver has many choices here; the best is to
start parallel resolver processes looking for the addresses while
continuing onward with the addresses which are available.  Obviously, the
design choices and options are complicated and a function of the local
host's capabilities.  The recommended priorities for the resolver designer

   1. Bound the amount of work (packets sent, parallel processes
      started) so that a request can't get into an infinite loop or
      start off a chain reaction of requests or queries with other
      SOME DATA.

... So I guess Jeeves wasn't vulnerable to this bug?

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Biscay, Southeast Fitzroy: North or northwest 5, backing west or northwest 5
to 7. Rough or very rough. Rain later. Good, occasionally moderate later.

More information about the dns-operations mailing list