Mastodawn

I see mentions from ppl stating "I don't have this license so I'm not impacted"

But are we sure that’s enough? The requirement in the SA says “DNS security logging must be enabled…” but doesn’t actually mention anything about needing a license.

I get that the license is required to use the feature and see the logs, but does just enabling the setting make you vulnerable? I’ve been trying to look into this, because the advisory isn’t super clear on this (for a change.... .

Anyone have any ideas or maybe has looked into an actual attack or found a proof of concept?