Insecure response BIND 9.7.0b2

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Nov 20 15:58:17 UTC 2009


On Fri, Nov 20, 2009 at 09:27:35AM +1100,
 Mark Andrews <marka at isc.org> wrote 
 a message of 34 lines which said:

> There are also firewalls that block DNS/UDP responses bigger 512
> bytes or block EDNS queries/responses 10 years after the
> introduction of EDNS.  There are also middleware that blocks/drops
> DNS/UDP responses that are fragmented.

This tool may help:

http://www.nic.cz/dnssectests/

And this one, too:

https://www.dns-oarc.net/oarc/services/replysizetest



More information about the bind-users mailing list