[dns-operations] Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS
Vladimír Čunát
vladimir.cunat+ietf at nic.cz
Mon Aug 30 16:01:37 UTC 2021
On 30/08/2021 17.02, Petr Špaček wrote:
> [...] It is clear to this group of DNS experts, but I think we should
> lend a helping hand to DNS consumers and at least explain why
> consumers have to check everything.
>
> Is anyone interesting in writing a short RFC on this topic?
That might serve as a good reference when some DNS expert points out to
others why they shouldn't be doing what they're doing. However, I don't
think we can expect a new RFC (by itself) to reduce these cases: *if*
they were reading DNS RFCs, they would've surely realized that they need
to be more careful.
More information about the dns-operations
mailing list