ietf-asrg

Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

2009-05-25 13:12:32
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

> http://amir.herzberg.googlepages.com/somerecentpapers
>
> This paper refers to DNS poisoning without fully exploring how SPF
> might be used to enable DNS poisoning.

   Doug perhaps asks too much... But the paper does explain a particular
exploit, where SPF records are used to cause particular DNS queries at
"known" times, to which forged responses can be spoofed, potentially
greatly increasing the risk of DNS poisoning.

   Discussion of that particular exploit does seem in scope.

   The paper is somewhat disappointing in only mentioning "rate limiting"
and "dedicated DNS proxy" as countermeasures, without any particulars.

   Is there any interest in fleshing out these countermeasures?

> SPF supports the use of macros to access A, AAAA, PTR and TXT DNS
> resource records.  These macros might expand local-parts within the
> email-message, which means SPF records may NOT be fully cacheable.
> Subsequent record resolutions can be triggered by the SPF macros,
> where as many as one hundred such record resolutions can occur when
> resolving a single SMTP source authorization.

   This sounds like the sort of issue where a "dedicated DNS proxy"
for SPF queries could apply rate-limiting to good advantage. Of
course, it would end up delivering "less" than SPF proponents have
been claiming as SPF's "advantages;" but I suspect Doug is not alone
in considering such a "feature" as beneficial.

   ;^)

--
John Leslie <john(_at_)jlc(_dot_)net>
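[Editor's worked example, not part of John Leslie's or Doug Otis's message. The script below expands SPF macros for a given sender and lists, offline, the first-level DNS queries a check of the record would trigger, which makes visible why a record using %{l} or %{i} produces a different query name per message and so cannot be served from a shared cache. It then pushes those queries through a per-domain token bucket, i.e. the policy half of the "dedicated DNS proxy" with rate limiting floated above. The SPF record, sender addresses, IP and HELO name are constructed for illustration; the bucket parameters (8 lookups burst, 0.5 per second sustained) are arbitrary; the macro expander covers the s, l, o, d, i, v and h letters only and does no resolving of its own.]

```python
"""SPF macro expansion and DNS-query budgeting, offline (nothing is resolved).

Editor's example, not code from the thread.  Shows why a record using %{l}
yields a different query name for every local-part (so no shared cache can
answer it) and how a per-domain token bucket caps the lookups one SPF check
can cause.  Record, addresses, IP and HELO below are constructed.
"""
import ipaddress
import re

# %{letter digits r delimiters} plus the three literal escapes (RFC 4408 s.8).
MACRO_RE = re.compile(r"%\{([slodivh])(\d*)(r?)([.\-+,/_=]*)\}|%%|%_|%-", re.I)
# qualifier already stripped: name, optional ":target", optional CIDR suffix.
TERM_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9]*)(?::(\S*?))?(?:/\d+(?://\d+)?)?$")
MODIFIER_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9_.-]*=")
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}


def expand_macros(s, sender, domain, ip, helo):
    """Expand s, l, o, d, i, v, h macros with digit and 'r' transformers.
    Uppercase letters (URL-escaped forms) are treated as lowercase, which is
    adequate for values that only ever become DNS labels."""
    local, _, sender_dom = sender.rpartition("@")
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        ip_txt, v_txt = str(addr), "in-addr"
    else:  # %{i} for IPv6 is the dotted nibble form
        ip_txt, v_txt = ".".join(addr.exploded.replace(":", "")), "ip6"
    values = {"s": sender, "l": local, "o": sender_dom, "d": domain,
              "i": ip_txt, "v": v_txt, "h": helo}

    def repl(m):
        if m.group(1) is None:  # one of %% %_ %-
            return {"%%": "%", "%_": " ", "%-": "%20"}[m.group(0)]
        letter, digits, rev, delims = m.groups()
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]
        return ".".join(parts)

    return MACRO_RE.sub(repl, s)


def spf_queries(record, sender, domain, ip, helo):
    """(qtype, qname) for every first-level DNS query evaluating `record` for
    `domain` could issue.  A real evaluator stops at the first match; this is
    the worst case a rate limiter must budget for.  Follow-on lookups (A for
    each MX host, names returned by PTR) are not modelled here."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    queries = []
    for term in terms[1:]:
        if MODIFIER_RE.match(term):  # redirect= is the only lookup-causing modifier
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                queries.append(("TXT", expand_macros(value, sender, domain, ip, helo)))
            continue
        m = TERM_RE.match(term.lstrip("+-~?"))
        if not m:
            raise ValueError("unparseable term: " + term)
        name, target = m.group(1).lower(), m.group(2) or domain
        if name == "ptr":  # PTR is on the connecting IP, not on the target
            queries.append(("PTR", ipaddress.ip_address(ip).reverse_pointer))
        elif name in LOOKUP_MECHS:
            qtype = {"include": "TXT", "mx": "MX"}.get(name, "A")
            queries.append((qtype, expand_macros(target, sender, domain, ip, helo)))
    return queries


class TokenBucket:
    """`capacity` lookups may burst; `rate` lookups per second sustained."""
    def __init__(self, capacity, rate):
        self.capacity, self.rate = float(capacity), float(rate)
        self.tokens, self.last = float(capacity), 0.0

    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SpfQueryProxy:
    """Policy half of a dedicated SPF DNS proxy: one bucket per checked domain,
    so a record built to fan out many lookups per message can only do so as
    fast as its bucket refills.  Actual resolution is out of scope."""
    def __init__(self, capacity=8, rate=0.5):  # arbitrary illustrative limits
        self.capacity, self.rate = capacity, rate
        self.buckets = {}

    def filter(self, domain, queries, now):
        """Split `queries` into those the proxy would forward and those dropped."""
        bucket = self.buckets.setdefault(domain.lower(), TokenBucket(self.capacity, self.rate))
        allowed, dropped = [], []
        for q in queries:
            (allowed if bucket.allow(now) else dropped).append(q)
        return allowed, dropped


# Constructed record: the two exists: mechanisms tie the query names to the
# sender's local-part and to the connecting IP.
RECORD = ("v=spf1 mx a:mail.example.com exists:%{l}._spf.%{d} "
          "exists:%{ir}.%{v}._spf.%{d} include:_spf.example.net -all")
DOMAIN, IP, HELO = "example.com", "192.0.2.10", "mta.example.com"


def uncacheable_queries(sender_a, sender_b):
    """Queries that differ between two senders of one domain from one IP:
    exactly the ones no cache shared between the two checks can absorb."""
    qa = set(spf_queries(RECORD, sender_a, DOMAIN, IP, HELO))
    qb = set(spf_queries(RECORD, sender_b, DOMAIN, IP, HELO))
    return sorted(qa ^ qb)


if __name__ == "__main__":
    alice = spf_queries(RECORD, "alice@example.com", DOMAIN, IP, HELO)
    for q in alice:
        print("%-4s %s" % q)
    print("sender-specific:", uncacheable_queries("alice@example.com", "bob@example.com"))
    proxy = SpfQueryProxy(capacity=8, rate=0.5)
    for t in (0.0, 0.0, 10.0):  # two checks at once, a third ten seconds later
        allowed, dropped = proxy.filter(DOMAIN, alice, now=t)
        print("t=%4.1f forwarded %d dropped %d" % (t, len(allowed), len(dropped)))
```

Two checks for alice@ and bob@ from the same IP differ only in the %{l}-derived name, and that one query is issued once per distinct local-part the remote side chooses to use; the second exists: term does the same per connecting IP. The token bucket answers that by forwarding a burst of eight lookups for example.com and then one every two seconds, so the second back-to-back check loses two of its five queries and a check ten seconds later gets its full set again. Real SPF checks would also have to decide what result to return when a query is dropped (fail closed, or treat as a temporary error), which is the policy question the thread leaves open.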