Munin, Keeper of LoreApr 24, 2017

DNS is dangerous knowledge to have.

Yes, it's a wonderful, amazing way to solve many problems.

Unfortunately, once you know how it works, you begin to realize how fragile the underpinnings for a lot of other things are.

Worse, once -other- people realize you know it, you get their well-meaning plans to do things that, yes, -can- work, but really oughtn't to see the light of day.

Show threadMunin, Keeper of LoreApr 24, 2017

No offense to the fellow who wrote this, but this?

https://github.com/aniruddhas/DNSrouter

This is one of those ideas that, well meaning though it is, really oughtn't to be implemented.

Please do not rewrite your routing tables based on DNS responses.

Show threadMaiyannah BishopApr 24, 2017
@munin That would be trivial to exploit.
Show threadMunin, Keeper of LoreApr 24, 2017
@maiyannah I can think of several ways this can go terribly wrong already, and my wife just asked why I was twitching.
Show threadMaiyannah BishopApr 24, 2017
@munin Reflection attacks agogo, just for the low-hanging fruit one.
Show threadMunin, Keeper of LoreApr 24, 2017
@maiyannah Specially crafted A record to tweak the routing table ;-)
Show threadMaiyannah BishopApr 24, 2017
@munin Ton of different ways, yeah, if I sat down for an hour with this, well, it wouldn't end well.
Show threadMunin, Keeper of LoreApr 24, 2017
@maiyannah I'm strictly blue team and I can see the exploits, so yeah ;-)
Show threadMaiyannah BishopApr 24, 2017
@munin A younger me wore a different hat.
Show threadMunin, Keeper of LoreApr 24, 2017
@maiyannah I never could get the hang of that, myself. But that's a talk for sometime when I've got a lot more whiskey in me ;-)
Show threadMaiyannah BishopApr 24, 2017
@munin Whisky sounds good though.
Show threadMunin, Keeper of Lore
@maiyannah It really is, and I don't drink enough of it.
Apr 24, 2017 at 5:33amWeb