[dns-operations] Spoofing DNS with fragments

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Sep 12 00:48:13 UTC 2018

> On Sep 11, 2018, at 5:26 PM, Paul Vixie <paul at redbarn.org> wrote:
> Must we use TSIG or TCP in order to actually trust the results of a dnssec lookup?

There are two different types of security at play here.

  1. End-to-End integrity of authoritative data as it traverses through
     multiple caches towards the final consumer

  2. Hop-by-hop traffic integrity (and perhaps also confidentiality)
     between resolvers and nameservers (whether iterative or authoritative).

DNSSEC tackles problem 1, and removes the network and intermediate caches
from the trust equation when evaluating the validity of the delivered DNS
answers.  Which enables DANE, CAA record integrity, ...

Transport integrity technologies, whether DNSCurve, TSIG, TLS, HTTPS, ...
tackle various parts of problem 2.  Mark's well-known TSIG key is a
minimal lightweight approach to handle the fragment forgery problem,
without switching to transport encryption.

With broad adoption of DNSCurve, TLS, HTTPS, ... not very likely, the
TSIG suggestion might actually be possible to get deployed.  Or, as
suggested in this thread, we could configure our servers to cap UDP
EDNS buffer sizes at ~1200 bytes (perhaps with the exception of loopback
interface clients), thereby closing the opportunity for forgeries of
predicted fragments, reducing reported issues with DNSSEC
over IPv6 and capping response amplification.
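The buffer-size cap mentioned above, as an added example that is not code from this thread or from any nameserver: a minimal EDNS0 parser and responder that reads the UDP payload size a client advertises in its OPT record, clamps it to a server-side cap, and sets the TC bit (forcing a TCP retry) instead of emitting a response that would have to be carried in several UDP fragments. The cap value, the record layout of the sample query, and the function names are assumptions made for this illustration; the thread suggests ~1200 bytes, and the block uses 1232, which is the largest DNS payload that fits in the IPv6 minimum MTU of 1280 bytes after the IPv6 and UDP headers (and the value DNS Flag Day 2020 settled on).

```python
import struct

IPV6_MIN_MTU = 1280
# 1280 minus the 40-byte IPv6 header and 8-byte UDP header: a DNS payload up
# to this size never needs IP fragmentation on any standards-conforming IPv6 path.
MAX_UNFRAGMENTED_PAYLOAD = IPV6_MIN_MTU - 40 - 8   # 1232
CLASSIC_UDP_LIMIT = 512        # RFC 1035 limit when no OPT RR is present
SERVER_UDP_CAP = 1232          # assumption: the cap this example server enforces
OPT_TYPE = 41
TC_BIT = 0x0200                # TrunCation flag in the DNS header flags word


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(wire: bytes, off: int) -> int:
    """Return the offset just past the name starting at off (handles compression pointers)."""
    while True:
        length = wire[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def build_query(qname: str, qtype: int, advertised_udp_size=None, txid=0x1234) -> bytes:
    """Constructed sample query; an OPT RR is added only if a UDP size is advertised."""
    arcount = 1 if advertised_udp_size is not None else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)   # RD set
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)         # class IN
    if advertised_udp_size is not None:
        # OPT pseudo-RR: root name, type 41, the CLASS field carries the UDP size
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, advertised_udp_size, 0, 0)
    return msg


def find_opt_udp_size(query: bytes):
    """Return the UDP size from the query's OPT RR, or None if the query has no OPT RR."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", query[4:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(query, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount + nscount):
        off = skip_name(query, off)
        rdlen = struct.unpack("!H", query[off + 8:off + 10])[0]
        off += 10 + rdlen
    for _ in range(arcount):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return None


def advertised_udp_size(query: bytes) -> int:
    """Client's advertised size; RFC 6891 says values below 512 are treated as 512."""
    size = find_opt_udp_size(query)
    return CLASSIC_UDP_LIMIT if size is None else max(size, CLASSIC_UDP_LIMIT)


def effective_udp_size(query: bytes, server_cap: int = SERVER_UDP_CAP) -> int:
    """The server answers with the smaller of what the client asked for and its own cap."""
    return min(advertised_udp_size(query), server_cap)


def would_fragment_on_ipv6(payload_len: int) -> bool:
    return payload_len > MAX_UNFRAGMENTED_PAYLOAD


def tc_set(wire: bytes) -> bool:
    return bool(struct.unpack("!H", wire[2:4])[0] & TC_BIT)


def build_response(query: bytes, answers, server_cap: int = SERVER_UDP_CAP):
    """Return (wire, truncated). answers is a list of (name, rtype, ttl, rdata bytes)."""
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    qend = 12
    for _ in range(qdcount):
        qend = skip_name(query, qend) + 4
    question = query[12:qend]
    rrs = b"".join(encode_name(n) + struct.pack("!HHIH", t, 1, ttl, len(rd)) + rd
                   for n, t, ttl, rd in answers)
    # Echo an OPT RR (carrying our own cap) only to clients that sent one.
    opt = b"" if find_opt_udp_size(query) is None else \
        b"\x00" + struct.pack("!HHIH", OPT_TYPE, server_cap, 0, 0)
    arcount = 1 if opt else 0
    flags = 0x8180                                  # QR, RD, RA
    full = struct.pack("!HHHHHH", txid, flags, qdcount, len(answers), 0, arcount) \
        + question + rrs + opt
    if len(full) <= effective_udp_size(query, server_cap):
        return full, False
    # Too big for the negotiated UDP size: send header + question (+ OPT) with TC set,
    # so the client retries over TCP rather than receiving a multi-fragment datagram.
    truncated = struct.pack("!HHHHHH", txid, flags | TC_BIT, qdcount, 0, 0, arcount) \
        + question + opt
    return truncated, True
```

The same clamp is what the real servers expose as configuration: in BIND 9 `max-udp-size` bounds what the server will send over UDP and `edns-udp-size` what the resolver advertises, and Unbound has `edns-buffer-size`; the exception for loopback clients mentioned above would be a per-client view or ACL rather than a global change to the cap.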
