[dns-operations] summary of recent vulnerabilities in DNS security.
Colm MacCárthaigh
colm at stdlib.net
Wed Jan 15 18:42:21 UTC 2014
On Wed, Jan 15, 2014 at 5:06 AM, Hannes Frederic Sowa <
hannes at stressinduktion.org> wrote:
>
> Would it be of interest to get the state of fragmentation on incoming
> datagrams by e.g. ancillary data on recvmsg so resolvers could check if
> the incoming packet was fragmented then drop and retry if it was below
> a certain size?
>
Yes, I'd appreciate that capability at least. It would also be nice to be
able to reject re-assembled datagrams whose fragments had different IP TTL
values.
--
Colm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140115/522567f5/attachment.html>
More information about the dns-operations
mailing list