Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29
Fred Morris
m3047 at m3047.net
Mon Sep 23 17:14:31 UTC 2024
This is probably overblown:
On Mon, 23 Sep 2024, Lars Kollstedt wrote:
> [...]
> since the discovery of the real name of text.example.com (if this is
> requestable from unvalidated source IP addresses, and almost any source IP
> address on the "internet" has to be considered unvalidated, since there is no
> applicable way to validate foreign source addresses on autonomous system
> interconnects yet) will make it possible to abuse these RRs for a DoS
> amplification attack against third parties (the real owners of the forged
> source IPs).
>
> The attacker just needs to send requests for text.example.com IN TXT with the
> forged IP of the victim, and the victim will get your hundreds of TXT records
> under this name from your server for each of them.
In most cases I would expect rrsets likely to trigger the limit behavior
to first cause TC=1 to be triggered, therefore shielding the recipient
from the full impact of the large record set. But if you're exposing large
rrsets to the public (regardless of whether they trigger this particular
behavior) it's worth reviewing your server posture to make sure your
limits on what's allowed via UDP are reasonable.
--
Fred Morris, internet plumber
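The point about TC=1 shielding the spoofed victim can be made concrete with a small model of the server's UDP size decision. The script below is an added example, not code from this thread or from BIND: it builds a wire-format TXT query and the full answer for a constructed 200-record TXT RRset, then applies the rule "send the full answer over UDP only if it fits within min(client's advertised EDNS buffer, server's max-udp-size), otherwise reply with TC=1 and an empty answer section". The 1232-byte cap assumed as the server default and the simplified truncated reply (header plus question only, no OPT record) are assumptions made for the model, not a statement of exactly how named composes its truncated responses.

```python
import struct

# Assumed server-side cap, modelled on BIND's max-udp-size default (assumption).
DEFAULT_MAX_UDP_SIZE = 1232
NO_EDNS_LIMIT = 512          # classic DNS UDP limit when the client sends no OPT RR

QTYPE_TXT, QCLASS_IN, TYPE_OPT = 16, 1, 41
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
MSG_ID = 0x1234              # fixed ID so the offline model is deterministic

# Constructed sample: 200 TXT records of one 100-character string each (not real zone data).
SAMPLE_TXT_RRSET = [["x" * 100] for _ in range(200)]


def encode_name(name):
    """Owner name in uncompressed wire format (labels, then a zero-length root label)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, edns_bufsize=None):
    """Query for <name> IN TXT; edns_bufsize adds an OPT RR advertising that UDP payload size."""
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", MSG_ID, FLAG_RD, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)
    opt = b""
    if edns_bufsize:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL=0, RDLEN=0.
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_bufsize, 0, 0)
    return header + question + opt


def txt_rdata(strings):
    """TXT RDATA is a sequence of <length><bytes> character-strings, each at most 255 bytes."""
    rdata = b""
    for s in strings:
        raw = s.encode("ascii")
        if len(raw) > 255:
            raise ValueError("TXT character-string longer than 255 bytes")
        rdata += bytes([len(raw)]) + raw
    return rdata


def build_full_response(name, txt_records, ttl=300):
    """Authoritative answer carrying every TXT record (owner name compressed to the question)."""
    header = struct.pack("!HHHHHH", MSG_ID, FLAG_QR | FLAG_AA, 1, len(txt_records), 0, 0)
    body = encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)
    for strings in txt_records:
        rdata = txt_rdata(strings)
        # 0xC00C is a compression pointer to offset 12, i.e. the question name.
        body += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + body


def truncated_response(name):
    """Simplified TC=1 reply: header plus question, no answer records (modelling assumption)."""
    header = struct.pack("!HHHHHH", MSG_ID, FLAG_QR | FLAG_AA | FLAG_TC, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_IN)


def is_truncated(response):
    """True when the TC bit is set in the header flags."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & FLAG_TC)


def udp_answer(name, txt_records, client_bufsize, max_udp_size=DEFAULT_MAX_UDP_SIZE):
    """Server's UDP decision: full answer if it fits the effective limit, else TC=1.

    The effective limit is the smaller of what the client advertised (512 without
    EDNS) and the server's own cap, so the server-side cap bounds what a spoofed
    victim can receive no matter what buffer size the attacker advertises.
    Returns (wire_bytes, truncated_flag).
    """
    limit = min(client_bufsize or NO_EDNS_LIMIT, max_udp_size)
    full = build_full_response(name, txt_records)
    if len(full) <= limit:
        return full, False
    return truncated_response(name), True


def amplification(query, response):
    """Bytes sent to the spoofed source per byte the attacker had to send."""
    return len(response) / len(query)


if __name__ == "__main__":
    name = "text.example.com"
    query = build_query(name, edns_bufsize=4096)
    for cap in (DEFAULT_MAX_UDP_SIZE, 65535):
        resp, tc = udp_answer(name, SAMPLE_TXT_RRSET, 4096, max_udp_size=cap)
        print(f"max-udp-size={cap}: response {len(resp)} bytes, TC={tc}, "
              f"amplification {amplification(query, resp):.1f}x")
```

With the 1232-byte cap the spoofed victim sees a 34-byte TC=1 reply, smaller than the 45-byte query, so the RRset offers no amplification over UDP at all; raising the cap to the full 65535 lets the whole 22634-byte answer out and the factor jumps to roughly 500x. That is the "limits on what's allowed via UDP" check in numbers: the server-side cap, not the size of the RRset, is what bounds the reflected traffic.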