[Opendnssec-user] remote denial of service in opendnssec 2.1.3 , 2.1.7, 2.1.8rc1
(Berry) A.W. van Halderen
berry at nlnetlabs.nl
Mon Feb 1 19:29:54 UTC 2021
Dear list,
We've taken notice of this problem and will be taken it up. There's also
been some contact about with needs following up from our side. Fixes will
be included as soon as possible.
However there is a more general point about potential vunerabilities.
Most installations will either not connect OpenDNSSEC directly to
the internet or connect it behind a firewall, to let trusted parties
(like slave servers) access it, but not every party on the internet.
This makes OpenDNSSEC less sensitive to as an attack vector.
OpenDNSSEC cannot function as a full DNS master server (is does not
have the functionality to be a full authoratative master. So it isn't
providing a public service (yet). It is intended to be a hidden master.
We want to fix any problems, mostly because we're more worried about
unintended loss of service, rather than a deliberate attack.
With kind regards,
Berry van Halderen
More information about the Opendnssec-user
mailing list