RFC 1535

A Security Problem and Proposed Correction With Widely Deployed DNS Software, October 1993

Canonical URL:
https://www.rfc-editor.org/rfc/rfc1535.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Author:
E. Gavron
Stream:
[Legacy]

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC1535

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document discusses a flaw in some of the currently distributed name resolver clients. The flaw exposes a security weakness related to the search heuristic invoked by these same resolvers when users provide a partial domain name, and which is easy to exploit. This document points out the flaw, a case in point, and a solution. This memo provides information for the Internet community. It does not specify an Internet standard.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader