[Opendnssec-user] remote denial of service in opendnssec 2.1.3 , 2.1.7, 2.1.8rc1

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Mon Feb 1 19:29:54 UTC 2021


Dear list,

We've taken notice of this problem and will be taken it	up.  There's also    
been some contact about	with needs following up	from our side. 	Fixes will
be included as soon as possible.

However there is a more general point about potential vunerabilities.           
Most installations will either not connect OpenDNSSEC directly to               
the internet or connect it behind a firewall, to let trusted parties            
(like slave servers) access it, but not every party on the internet.            
This makes OpenDNSSEC less sensitive to as an attack vector.

OpenDNSSEC cannot function as a full DNS master server (is does not
have the functionality  to be a full authoratative master.  So it isn't
providing a public service (yet).  It is intended to be a hidden master.

We want	to fix any problems, mostly because we're more worried about
unintended loss	of service, rather than	a deliberate attack.

With kind regards,
Berry van Halderen


More information about the Opendnssec-user mailing list