RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 2308, "Negative Caching of DNS Queries (DNS NCACHE)", March 1998

Note: This RFC has been updated by RFC 4035, RFC 4033, RFC 4034, RFC 6604, RFC 8020, RFC 8499, RFC 9499, RFC 9520

Source of RFC: dnsind (int)

Errata ID: 4632
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Nikolai Malykh
Date Reported: 2016-03-02
Held for Document Update by: Brian Haberman
Date Held: 2016-03-02

Section 11 says:

   For such an attack to be successful, the NXDOMAIN indiction must be
   injected into a parent server (or a busy caching resolver).  One way
   this might be done by the use of a CNAME which results in the parent
   server querying an attackers server.  Resolvers that wish to prevent
   such attacks can query again the final QNAME ignoring any NS data in
   the query responses it has received for this query.

It should say:

   For such an attack to be successful, the NXDOMAIN indication must be
   injected into a parent server (or a busy caching resolver).  One way
   this might be done by the use of a CNAME which results in the parent
   server querying an attackers server.  Resolvers that wish to prevent
   such attacks can query again the final QNAME ignoring any NS data in
   the query responses it has received for this query.

Notes:

A typo in the word "indication".

Report New Errata



Advanced Search