Excellent Inputs guys and thanks a ton for your feedbacks. RPS is quite interesting and which one is commercial offering for the same?
On Sun, Jun 17, 2018 at 10:56 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 06/17/2018 11:18 AM, Vadim Pavlov via bind-users wrote: > > Just to be more clear. DNSSEC records can contain any content and can > > be used for infiltration/tunneling. > > Ah. I think I see. > > > E.g. If you request DNSKEY record (you can encode your request in fqdn) > > you will get it exactly "as is". Intermediate DNS servers do not > validate > > the records. > > You aren't talking about using the DNSSEC mechanisms to {in,ex}filtrate > data as much as you are talking about {ab}using the resource records > that DNSSEC uses as a vector to hide data. > > > So instead of "standard/usual" TXT records you can use DNSKEY to pass > > data from a DNS remote server. > > ACK > > Thank you for the explanation. > > > > -- > Grant. . . . > unix || die > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users