Report information
The Basics
Id: 37072
Status: resolved
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: (no value)
Severity: S1 High
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: bug

Dates
Created: Wed, 03 Sep 2014 17:32:13 -0400
Updated: Sat, 29 Jul 2017 02:40:10 -0400
Closed: Wed, 22 Oct 2014 01:40:52 -0400




Subject: wildcard + optout + ad
Date: Thu, 04 Sep 2014 07:32:08 +1000
To: bind9-bugs@isc.org
From: Mark Andrews <marka@isc.org>

Opt-Out Considerations: Note that with or without Opt-Out, an insecure delegation may be undetectably altered by an attacker. Because of this, the primary difference in security when using Opt-Out is the loss of the ability to prove the existence or nonexistence of an insecure delegation within the span of an Opt-Out NSEC3 RR. In particular, this means that a malicious entity may be able to insert or delete RRs with unsigned names. These RRs are normally NS RRs, but this also includes signed wildcard expansions (while the wildcard RR itself is signed, its expanded name is an unsigned name).

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org