Sierra Leone (.sl) TLD
Meir Kraushar
meir at isoc.org.il
Sun Feb 23 12:25:02 UTC 2025
Hi
The .sl ccTLD (Sierra Leone) is being used as an amplifier for reflection
attacks.
It looks like the domain is horribly misconfigured:
1) It has 4 keys:
- Two KSK's each one *4096* in size
- Two ZSK each 2048
2) *ALL* keys are used to sign DNSKEY records, resulting in 4 DNSKEY RRSIG
3) All other records are signed twice
4) All algos are 7
5) There is no DS in the root, this TLD is not DNSSEC validated
As a result,
The reply size of "dig sl any" is 5814 (!)
Again, this is being used as an amplifier for reflection attacks (victims
referred to us for help).
If anyone knows someone there who can fix this?
Thanks,
Meir Kraushar
ISOC-IL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20250223/9bc9b33a/attachment.html>
More information about the dns-operations
mailing list