[dns-operations] Please issue CVEs for servers that BADVERS/FORMERR for Unknown EDNS options.
Mark Andrews
marka at isc.org
Tue Feb 14 01:58:10 UTC 2017
If any version of your products returned BADVERS or FORMERR to an
unknown EDNS option could you please issue a CVE for those versions
so that your customers know that they should be replacing the
nameserver with something that meets the EDNS specification.
* BADVERS was always outside of spec. It is for EDNS version
negotiation, not "I don't understand this option".
* FORMERR is also outside of the current spec. The nameservers
that do this also return FORMERR if the EDNS version is 1 rather
than BADVERS; you can't even use EDNS version negotiation to get
a good answer to well formed queries. The two behaviours put
these servers outside of the initial EDNS specification.
Servers with these behaviours are causing interop issues.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
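
Added example, not part of the original post and not ISC code: a Python sketch that decodes the full 12-bit RCODE from a reply and applies the two checks described in the message above. The function names, the probe labels and option code 65001 (taken from the local/experimental range) are assumptions, and the replies are constructed inline rather than captured from a server.

```python
import struct

OPT, FORMERR, BADVERS = 41, 1, 16   # RR type 41; RCODEs 1 and 16
UNKNOWN_OPTION = 65001              # assumption: code from the local/experimental range

def build_message(qname, flags=0, ext_rcode=0, version=0, options=()):
    """Build a DNS message with one A question and one OPT record."""
    hdr = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT: root name, type, UDP size as class, then TTL = ext-rcode | version | flags
    opt = b"\0" + struct.pack("!HHBBHH", OPT, 4096, ext_rcode, version, 0, len(rdata))
    return hdr + name + struct.pack("!HH", 1, 1) + opt + rdata

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def full_rcode(msg):
    """Combine the 4-bit header RCODE with the 8 extended bits in the OPT TTL."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off = flags & 0xF, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ext, _ver, _fl, rdlen = struct.unpack("!HHBBHH", msg[off:off + 10])
        if rtype == OPT:
            rcode |= ext << 4
        off += 10 + rdlen
    return rcode

def classify(probe, rcode):
    """Apply the post's two checks to the RCODE a server returned for a probe."""
    if probe == "unknown-option":   # EDNS version 0 query carrying UNKNOWN_OPTION
        return "non-compliant" if rcode in (FORMERR, BADVERS) else "ok"
    if probe == "version-1":        # EDNS version 1 query: BADVERS is the right answer
        return "non-compliant" if rcode == FORMERR else "ok"
    raise ValueError(probe)

if __name__ == "__main__":
    # Constructed replies (not captured traffic): FORMERR, then BADVERS.
    for reply in (build_message("example.com", 0x8001), build_message("example.com", 0x8000, 1)):
        print(full_rcode(reply), classify("unknown-option", full_rcode(reply)))
```

BADVERS never fits in the header's 4-bit RCODE field, so a check that reads only the header sees 0 and misses it; the OPT record's extended bits have to be folded in as `full_rcode` does.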