Maintained by: NLnet Labs

[Unbound-users] Unbound 1.5.2 release

Robert Edmonds
Thu Feb 19 19:43:01 CET 2015


W.C.A. Wijngaards wrote:
> Harden-glue when turned off allows potentially poisonous records in
> the cache in the hopes of that enabling DNS resolution for 'impossible
> to resolve' domains, it is fixed to have 'less cache poisoning',
> quotes added because it is by definition not secure to turn off
> harden-glue.

Hi, Wouter:

Reading this text from doc/requirements.txt is alarming:

  The server can be spoofed by getting it to visit a especially prepared 
  domain. This domain then inserts an address for another authoritative 
  server into the cache, when visiting that other domain, this address may
  then be used to send queries to. And fake answers may be returned.

(Also, I think "rfc2182 trust handling" should say "rfc2181 trust
handling".)

Is this really something that should be a configurable mode in the
daemon?  It sounds not just insecure, but unsafe to turn off.  Maybe the
number of users that the configurable helps is outweighed by the number
of users harmed by inadvertently toggling it?

Do you have any "impossible to resolve" examples that "harden-glue: off"
helps to resolve?

-- 
Robert Edmonds
edmonds at debian.org