[dns-operations] Spoofing DNS with fragments

Paul Vixie paul at redbarn.org
Tue Sep 11 21:26:40 UTC 2018

Viktor Dukhovni wrote:
> My domain has both DNSSEC and a CAA record that matches none of the
> public CAs; it'd be interesting to find out whether this is sufficient
> to help all of them to avoid issuing an unauthorized certificate.

i think what's interesting about this latest rendition of the 
fragmentation attack (first told to me by florian in 2008 or so, and 
independently rediscovered several times since then) is not that a proof 
of concept was able to get someone to make a certificate for the 
attacker using the victim's identity because dnssec was relied upon for 
transaction authenticity.

rather, it's that dnssec cannot be relied upon, after all. must we use 
TSIG or TCP in order to actually trust the results of a dnssec lookup? 
if so, then we're 23+ years into the securedns effort, and still nothing 
to show for it except cost, complexity, and unreliability; and we'll 
have to have another flag day after two more years of development. if 
this is so, then the first thing we ought to do is, stop the KSK roll, 
and the second thing we ought to do is, remove dnssec from the root zone 
until a more secure design is available.

P Vixie
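The thread turns on two operational points: a fragmented UDP answer can be tampered with before a validator ever sees it, and TCP (or TSIG) is what removes that exposure. The following is an added illustration, not code from the post or from any named project, of the resolver-side mitigation a defender controls: advertise an EDNS0 UDP buffer small enough that answers are not fragmented (1232 bytes is the figure adopted by the 2020 DNS flag day; treating it as the default here is this example's choice), set the DO bit so RRSIGs are returned, and retry over TCP whenever the TC bit comes back. The wire format follows RFC 1035 and RFC 6891; the query name, transaction id and the sample responses are constructed for the example.

```python
import struct

# Example-chosen default: small enough that UDP answers stay under common path MTUs
# and are never fragmented in flight, so a spoofed trailing fragment cannot be spliced in.
EDNS_UDP_SIZE = 1232
DO_BIT = 0x8000          # DNSSEC OK flag, carried in the OPT record's TTL field
QTYPE_CAA = 257          # CAA, the record type discussed in the thread

def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS label wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int, txid: int, udp_size: int = EDNS_UDP_SIZE) -> bytes:
    """Build a recursive query carrying an OPT record (EDNS0) with DO set."""
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN
    # OPT RR: root name, TYPE=41, CLASS=requestor's UDP payload size,
    # TTL=ext-rcode/version/flags (DO lives here), RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO_BIT, 0)
    return header + question + opt

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; only the fields this example needs are named."""
    if len(msg) < 12:
        raise ValueError("short message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),   # truncated: answer did not fit the UDP buffer
        "ad": bool(flags & 0x0020),   # resolver claims validation; a hint, not proof
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def needs_tcp_retry(response: bytes, expected_id: int) -> bool:
    """True when the UDP answer was truncated and the lookup must be repeated over TCP."""
    h = parse_header(response)
    if h["id"] != expected_id or not h["qr"]:
        # A reply whose id does not match is discarded, never retried.
        raise ValueError("response does not match the outstanding query")
    return h["tc"]

def frame_for_tcp(msg: bytes) -> bytes:
    """RFC 1035 section 4.2.2: DNS over TCP prefixes each message with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    q = build_query("example.com", QTYPE_CAA, 0x1234)
    print("query bytes:", q.hex())
    # Constructed sample: a reply with QR=1 and TC=1 for the same id.
    truncated = struct.pack("!HHHHHH", 0x1234, 0x8200, 1, 0, 0, 0)
    if needs_tcp_retry(truncated, 0x1234):
        print("truncated over UDP; resend as", frame_for_tcp(q)[:2].hex(), "+ query over TCP")
```

The point of capping the advertised buffer rather than simply requesting everything over UDP is that an answer that never fragments leaves nothing for an off-path party to replace; the TC fallback then moves only the oversized cases onto a connection-oriented transport. TSIG, the other option named in the post, is not shown here.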
