> The vulnerability now has a CVE and a GitHub Advisory published > here: > https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw > > I suspect this might be useful feedback to some of you designing > DNSSEC validation routines, especially for validating stub resolvers. > I have done little research into which other DNS libraries might > be affected, but bind and unbound seem fine.
You are right about point 3 (all or any received records in a response relate to the request) However, it doesn't make sense to include step 4. A DNSSEC validator will have taken care of step 4. _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
