[dns-operations] Destination-adjacent source address spoofed DNS queries

Florian Weimer fw at deneb.enyo.de
Wed Mar 6 09:51:37 UTC 2024

* John Kristoff:

> This seems DNS operationally relevant and I hope no one will mind the
> plug. It was fun to write up a small piece on some curious spoofed DNS
> queries we observed. Something that probably would have been overlooked
> otherwise.  We could probably do this 24x7.  :-)
> <https://open.substack.com/pub/dataplane/p/destination-adjacent-source-address

I'm seeing these packets as well, and I'm worried for a completely
different reason: They strongly suggest that the ISPs I use are not
capable of filtering their (provider-owned) address space in source
addresses at their network borders.  This should be relatively easy to
implement and would reduce exposure of stub resolvers to various
issues.  It's disappointing that this isn't being done.

