[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Mon Aug 30 16:01:37 UTC 2021

On 30/08/2021 17.02, Petr Špaček wrote:
> [...] It is clear to this group of DNS experts, but I think we should 
> lend a helping hand to DNS consumers and at least explain why 
> consumers have to check everything.
> Is anyone interesting in writing a short RFC on this topic? 

That might serve as a good reference when some DNS expert points out to 
others why they shouldn't be doing what they're doing. However, I don't 
think we can expect a new RFC (by itself) to reduce these cases: *if* 
they were reading DNS RFCs, they would've surely realized that they need 
to be more careful.

More information about the dns-operations mailing list