[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Andrew Sullivan ajs at anvilwalrusden.com
Tue Aug 17 19:03:37 UTC 2021

On Tue, Aug 17, 2021 at 01:32:35PM -0400, Viktor Dukhovni wrote:
>I am far from convinced that it is the resolvers job to enforce RDATA
>syntax restrictions beyond what is required for a valid wire form.

I completely agree.  Indeed, the history of middleboxes attempting to
enforce various kinds of restrictions is precisely what has made them
such a PITA when new features were introduced to the DNS that the
middleboxes didn't know about.

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com

More information about the dns-operations mailing list