On Wed, Jul 10, 2019 at 04:21:11PM +1000, Mark Andrews wrote:
> I’ve written up a method to defeat UDP fragmentation attacks using TSIG.
> 
> https://tools.ietf.org/html/draft-andrews-dnsop-defeat-frag-attack-00
> 
> If we are going to discuss methods to defeat such attacks this should be
> considered.

+1

As an alternative, I also point to the following draft from 2015:
https://tools.ietf.org/html/draft-muks-dns-message-checksums-00

A BIND implementation of it is here:
https://github.com/muks/bind9/tree/dns-message-checksums

                Mukund

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to