RFC 1535

A Security Problem and Proposed Correction With Widely Deployed DNS Software, October 1993

File formats:
icon for text file icon for PDF icon for HTML icon for inline errata
Status:
INFORMATIONAL
Author:
E. Gavron
Stream:
[Legacy]

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC1535

Discuss this RFC: Send questions or comments to the mailing list iesg@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 1535

Abstract

This document discusses a flaw in some of the currently distributed name resolver clients. The flaw exposes a security weakness related to the search heuristic invoked by these same resolvers when users provide a partial domain name, and which is easy to exploit. This document points out the flaw, a case in point, and a solution. This memo provides information for the Internet community. It does not specify an Internet standard.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



Advanced Search