Hi folks,
a few days ago I apparently lost the beneficence of my zone feeds,
and XFR started to get into timeout.
Looking at the usual culprits I then found this:
DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm
14) - Possible CVE-2023-50387 Activity
[Classification: Detection of a Denial of Service Attack]
{TCP} 192.0.47.132:53 -> <me>
I don't find it really surprizing that XFR would contain "multiple
RRSIG entries". But, according to the strategy ("shoot first, ask when
the corpses stack to the ceiling"), this thing just kills the transfers.
So, what is it about? Is it something serious?
cheerio,
PMc
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
