[Dnsmasq-discuss] CVE-2020-25705 mitigation (SAD DNS)

Jim Alles kb3tbx at gmail.com
Wed Dec 9 01:02:52 GMT 2020


ref:
https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html

Is it appropriate to clamp EDNS to 1221 as suggested by the
Microsoft Guidance here?
https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/

# now clamped for CVE-2020-25705 mitigation SAD DNS
edns-packet-max=1221

Or would this not even help?
(I think my best effort has been enabling DNSSEC in dnsmasq.)

Thank you for any advice, and
best regards,
Jim Alles