[bind10-dev] Preventing a DOS attack via message logging

Stephen Morris stephen at isc.org
Wed Dec 19 11:18:23 UTC 2012


The README file in src/lib/log contains the following text:

> When logging events, make a distinction between events related to 
> the server and events related to DNS messages received.  Caution 
> needs to be exercised with the latter as, if the logging is
> enabled in the normal course of events, such logging could be a
> denial of service vector. For example, suppose that the main
> authoritative service logger were to log both zone loading and
> unloading as INFO and a warning message if it received an invalid
> packet. An attacker could make the INFO messages unusable by
> flooding the server with malformed packets.
> 
> There are two approaches to get round this:
> 
> a) Make the logging of packet-dependent events a DEBUG-severity 
> message. DEBUG is not enabled by default, so these events will not 
> be recorded unless DEBUG is specifically chosen.
> 
> b) Record system-related and packet-related messages via different 
> loggers (e.g.  in the example given, server events could be logged 
> using the logger "auth" and packet-related events at that level 
> logged using the logger "pkt-auth".)  As the loggers are
> independent and the severity levels independent, fine-tuning of
> what is and what is not recorded can be achieved.

That was written early on, when the logging code was written. As the
question has come up in relation to the DHCP server, I'm curious as to
what solution has been used in the DNS code.  Or is this a non-issue?

Stephen
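To make the README's point concrete, here is an added simulation of the flood and of the two mitigations it lists. This is example code written for this post, not BIND 10's own logging library: the Logger and BoundedSink classes are stand-ins for isc::log, the logger names "auth" and "pkt-auth" are taken from the README, and the flood size, sink capacity and source address are constructed values.

```cpp
#include <cstddef>
#include <cstdio>
#include <deque>
#include <string>
#include <utility>

// Severity levels in increasing order; DEBUG is the one not enabled by default.
enum class Severity { DEBUG = 0, INFO = 1, WARN = 2, ERROR = 3 };

struct Record {
    std::string logger;
    Severity    severity;
    std::string message;
};

// Bounded destination that keeps only the newest `capacity` records. It stands in
// for a rotated log file or ring buffer: once the attacker's events fill it, the
// operator's earlier INFO entries are gone.
class BoundedSink {
public:
    explicit BoundedSink(std::size_t capacity) : capacity_(capacity) {}

    void write(Record r) {
        if (records_.size() == capacity_) records_.pop_front();
        records_.push_back(std::move(r));
    }

    std::size_t count(const std::string& logger, Severity sev) const {
        std::size_t n = 0;
        for (const Record& r : records_)
            if (r.logger == logger && r.severity == sev) ++n;
        return n;
    }

private:
    std::size_t        capacity_;
    std::deque<Record> records_;
};

// Named logger with its own severity threshold (a hypothetical stand-in, not
// isc::log::Logger). Events below the threshold are discarded before they reach
// the sink, which is what makes options (a) and (b) work.
class Logger {
public:
    Logger(std::string name, Severity threshold, BoundedSink& sink)
        : name_(std::move(name)), threshold_(threshold), sink_(sink) {}

    void log(Severity sev, const std::string& msg) {
        if (sev < threshold_) return;
        sink_.write(Record{name_, sev, msg});
    }

private:
    std::string  name_;
    Severity     threshold_;
    BoundedSink& sink_;
};

struct Outcome {
    std::size_t server_info;    // zone load/unload INFO records still in the sink
    std::size_t packet_events;  // attacker-triggered records that reached the sink
};

// Logs two server events at INFO, then a flood of malformed packets, and reports
// what is left. `packet_sev` is the severity used for the "invalid packet" event;
// `separate` routes it through "pkt-auth" (option b) instead of "auth";
// `pkt_threshold` is the operator's configured threshold for "pkt-auth".
Outcome simulate(Severity packet_sev, bool separate, Severity pkt_threshold,
                 std::size_t flood = 10000, std::size_t capacity = 1000)
{
    BoundedSink sink(capacity);
    Logger auth("auth", Severity::INFO, sink);       // server events, INFO enabled
    Logger pkt("pkt-auth", pkt_threshold, sink);     // packet-related events
    Logger& packet_logger = separate ? pkt : auth;

    auth.log(Severity::INFO, "zone example.com loaded");
    auth.log(Severity::INFO, "zone example.com unloaded");

    // Attacker-controlled input: one log event per malformed packet. The source
    // address is a constructed value from the documentation range.
    for (std::size_t i = 0; i < flood; ++i)
        packet_logger.log(packet_sev, "invalid packet received from 192.0.2.1");

    const std::string pkt_name = separate ? "pkt-auth" : "auth";
    return Outcome{sink.count("auth", Severity::INFO),
                   sink.count(pkt_name, packet_sev)};
}

int main() {
    struct Case { const char* label; Outcome o; } cases[] = {
        {"naive: WARN on the server logger",       simulate(Severity::WARN,  false, Severity::INFO)},
        {"option a: packet events at DEBUG",       simulate(Severity::DEBUG, false, Severity::INFO)},
        {"option b: pkt-auth tuned down to ERROR", simulate(Severity::WARN,  true,  Severity::ERROR)},
        {"option b: pkt-auth left at WARN",        simulate(Severity::WARN,  true,  Severity::WARN)},
    };
    for (const Case& c : cases)
        std::printf("%-40s server INFO kept=%zu  packet events recorded=%zu\n",
                    c.label, c.o.server_info, c.o.packet_events);
    return 0;
}
```

The last case is the one to watch: option (b) on its own only gives the operator the knob; the server's INFO records survive the flood only once the packet logger has been turned down independently of "auth", which is the fine-tuning the README refers to.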

