Data exfiltration using DNS RPZ

Grant Taylor gtaylor at
Sun Jun 17 17:27:24 UTC 2018

On 06/17/2018 11:18 AM, Vadim Pavlov via bind-users wrote:
> Just to be more clear. DNSSEC records can contain any content and can 
> be used for infiltration/tunneling.

Ah.  I think I see.

> E.g. if you request a DNSKEY record (you can encode your request in the FQDN) 
> you will get it exactly "as is". Intermediate DNS servers do not validate 
> the records.

You aren't talking about using the DNSSEC mechanisms to {in,ex}filtrate 
data as much as you are talking about {ab}using the resource records 
that DNSSEC uses as a vector to hide data.

> So instead of "standard/usual" TXT records you can use DNSKEY to pass 
> data from a DNS remote server.


Thank you for the explanation.

Grant. . . .
unix || die
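
Added example, not part of the original message or of BIND: a Python check that a monitoring point could run on DNSKEY RDATA, since, as the thread notes, intermediate servers pass the record on "as is". The function name, the algorithm tables and the sample records are assumptions constructed for illustration; the check is a structural heuristic (RFC 4034 layout, key sizes per algorithm), not DNSSEC validation.

```python
import struct

# Fixed public-key sizes in bytes: ECDSA P-256/P-384 (RFC 6605), Ed25519/Ed448 (RFC 8080).
FIXED_KEY_LEN = {13: 64, 14: 96, 15: 32, 16: 57}
RSA_ALGS = {5, 7, 8, 10}                      # RSA-based DNSSEC algorithms
DEFINED_FLAGS = 0x0100 | 0x0080 | 0x0001      # ZONE, REVOKE (RFC 5011), SEP


def dnskey_anomalies(rdata: bytes) -> list:
    """Return the reasons why DNSKEY RDATA does not look like a real key."""
    if len(rdata) < 5:
        return ["rdata shorter than header plus key"]
    flags, protocol, alg = struct.unpack("!HBB", rdata[:4])
    key = rdata[4:]
    reasons = []
    if flags & ~DEFINED_FLAGS:
        reasons.append("reserved flag bits set")
    if protocol != 3:                          # RFC 4034: MUST be 3
        reasons.append("protocol field is not 3")
    if alg in FIXED_KEY_LEN:
        if len(key) != FIXED_KEY_LEN[alg]:
            reasons.append("key length wrong for algorithm %d" % alg)
    elif alg in RSA_ALGS:
        # RFC 3110: one-byte exponent length, or 0 followed by a two-byte length.
        if key[0]:
            exp_len, off = key[0], 1
        elif len(key) >= 3:
            exp_len, off = struct.unpack("!H", key[1:3])[0], 3
        else:
            exp_len, off = 0, len(key)
        mod_len = len(key) - off - exp_len
        if exp_len == 0 or not 64 <= mod_len <= 512:   # 512..4096-bit modulus
            reasons.append("RSA exponent/modulus lengths implausible")
    else:
        reasons.append("algorithm %d not in this check's list" % alg)
    return reasons


# Constructed sample records (not real keys, not captured traffic).
SAMPLE_ECDSA = struct.pack("!HBB", 257, 3, 13) + bytes(64)
SAMPLE_RSA = struct.pack("!HBB", 256, 3, 8) + b"\x03\x01\x00\x01" + bytes(256)
SAMPLE_ODD = struct.pack("!HBB", 257, 3, 13) + b"constructed text, not a P-256 point"

if __name__ == "__main__":
    for name, rd in [("ecdsa", SAMPLE_ECDSA), ("rsa", SAMPLE_RSA), ("odd", SAMPLE_ODD)]:
        print(name, dnskey_anomalies(rd) or "looks like a key")
```
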
