Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: dnsclient should be more robust against bogus UDP packets #13281

Closed
mdempsky opened this issue Nov 16, 2015 · 1 comment
Closed

net: dnsclient should be more robust against bogus UDP packets #13281

mdempsky opened this issue Nov 16, 2015 · 1 comment
Assignees
Milestone

Comments

@mdempsky
Copy link
Member

@mdempsky mdempsky commented Nov 16, 2015

Currently package net's dnsclient gives up on trying to query a DNS server over UDP if it receives a bogus DNS response (e.g., not a DNS packet, mismatched query ID, wrong query name). This makes it a bit more vulnerable to DNS forgery attacks. It would be better if in these cases that dnsclient continued waiting until the deadline for a legitimate response.

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Apr 16, 2016

CL https://golang.org/cl/22126 mentions this issue.

@gopherbot gopherbot closed this in 3411d63 Apr 22, 2016
@golang golang locked and limited conversation to collaborators Apr 22, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.