Content-Type: text/plain; charset=UTF-8
X-RT-Original-Encoding: utf-8
Content-Length: 4248

If dig +sigchase encounters a RRSIG with inception in the future it will
enter a tight endless loop.

This is probably a DoS minor security vulnerability.

It might be worth to check if the same verification code is used in other
products that might be affected.

====================================

;; RRset to chase:
cloudflare-secure.net. 30 IN DNSKEY 256 3 13
dNbV354UDSbhpZ2n9Uw8I/A3Q5qFtdLCn4gIB5xXKnS1x2+b3OikUoBi
zxoiWXTyug/4aAYewumvX8Yd0AoAaw==
cloudflare-secure.net. 30 IN DNSKEY 257 3 13
/l6y5G5M/wjknrmVmFHE4JIuzVWpypsSvPyEcSGr5LyVFYtG7HnlyjRr
mrxdaqqN/9F5jYUbXw9fgY0UZ8mw3w==


;; RRSIG of the RRset to chase:
cloudflare-secure.net. 30 IN RRSIG DNSKEY 13 2 3600 20150317125525
20150317125525 14032 cloudflare-secure.net.
It0X7ij2R5uV+Ida9m6eO+NVkqbYGLoj82IVqn6yOO9+xm0WA72tALgt
qgRH4qpxB7DUcKvrcmLmRoBqcRfG3Q==


;; DNSKEYset that signs the RRset to chase:
cloudflare-secure.net. 30 IN DNSKEY 256 3 13
dNbV354UDSbhpZ2n9Uw8I/A3Q5qFtdLCn4gIB5xXKnS1x2+b3OikUoBi
zxoiWXTyug/4aAYewumvX8Yd0AoAaw==
cloudflare-secure.net. 30 IN DNSKEY 257 3 13
/l6y5G5M/wjknrmVmFHE4JIuzVWpypsSvPyEcSGr5LyVFYtG7HnlyjRr
mrxdaqqN/9F5jYUbXw9fgY0UZ8mw3w==


;; RRSIG of the DNSKEYset that signs the RRset to chase:
cloudflare-secure.net. 30 IN RRSIG DNSKEY 13 2 3600 20150317125525
20150317125525 14032 cloudflare-secure.net.
It0X7ij2R5uV+Ida9m6eO+NVkqbYGLoj82IVqn6yOO9+xm0WA72tALgt
qgRH4qpxB7DUcKvrcmLmRoBqcRfG3Q==



Launch a query to find a RRset of type DS for zone: cloudflare-secure.net.

;; DSset of the DNSKEYset
cloudflare-secure.net. 21599 IN DS 14032 13 2
5FF2E12C473B42291E23A851E75681B2AEA7155A92D2839A586C41A2 88E3729A


;; RRSIG of the DSset of the DNSKEYset
cloudflare-secure.net. 21599 IN RRSIG DS 8 2 86400 20140924175426
20140917164426 32507 net.
h+3WQUdF7eT9q/ghf080Dek61lDWHxl4zOnefRMYOK06xKASDA87OR6y
RH+T2wc3DHaq2+f+75euPh+DQhpJG1NblrtEr3HNf7MnqiSzSBJceQRg
MTTs3MAXRVH9nUUSaDIrOyGc0Py481XKV1kDrWvUV0wm+cfKsiy0+nSW Fa0=




;; WE HAVE MATERIAL, WE NOW DO VALIDATION
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
;; VERIFYING DNSKEY RRset for cloudflare-secure.net. with DNSKEY:14032:
RRSIG validity period has not begun
[...]