From: Tapani Tarvainen <ipfire@tapanitarvainen.fi>
To: development@lists.ipfire.org
Subject: Re: unbound startup
Date: Tue, 29 May 2018 14:57:11 +0300 [thread overview]
Message-ID: <20180529115710.GB22462@tehanu.it.jyu.fi> (raw)
In-Reply-To: <20180528061714.GA12663@tarvainen.info>
With a bit closer look it seems this is more serious than I thought:
it's not only a bug but a security bug.
Under certain circumstances restarting unbound (which as noted happens
with every Edit Hosts &c) can lead to loss of data as well as result
in data leaks outside the firewall.
As it is now, at unbound startup there's a time window when it gives
wrong answers to DNS queries. NXDOMAIN is bad enough and can lead to
data loss in several circumstances, but as it starts forwarders before
populating local hosts it can also return wrong answers in split DNS
situations, that is, return external IP when it should return the
internal one. This is obviously bad if the external DNS server is
compromised or spoofed, but even when it isn't, connections intended
to intranet machines could go outside when they shouldn't.
Exploiting this deliberately is not all that simple and all really bad
cases I can think of require split DNS setup and knowledge or ability
to guess when unbound is restarted, but some attacks could be set up
to wait for it.
If this list is not the right place for discussing bugs, please
redirect wherever appropriate.
--
Tapani Tarvainen
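A probe for the restart window described in the message above, added here as an illustration; it is not code from the thread, from IPFire or from unbound. It sends raw A queries to a resolver in a tight loop, parses each reply, and classifies it as NXDOMAIN, a correct local-data answer, or a "leak" (an answer that does not match the internal address and therefore came from a forwarder). The resolver address, the name `intranet.example.org`, and the addresses `10.0.0.5` (internal) and `203.0.113.7` (external) are assumptions; `build_response` only constructs sample packets so the parser can be exercised offline.

```python
"""Probe a resolver for the unbound restart window: replies that are NXDOMAIN,
or that carry an upstream (forwarder) address instead of the local-data one.
Added example, not IPFire/unbound code.  Names and addresses are assumed."""
import ipaddress
import socket
import struct
import time


def _encode_name(qname):
    labels = qname.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(qname, qid):
    """Minimal A/IN query with RD set and a single question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(qid, qname, rcode, addrs):
    """Constructed reply (QR|RD|RA set) used only for the offline demo/test."""
    msg = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg += _encode_name(qname) + struct.pack("!HH", 1, 1)
    for a in addrs:  # name pointer to offset 12 (the question name), A/IN, TTL 60
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(a).packed
    return msg


def _skip_name(msg, off):
    """Advance past a wire-format name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (qid, rcode, [A record addresses]) from a raw DNS reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0xF
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # qtype + qclass
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return qid, rcode, addrs


def classify(rcode, addrs, expected_internal):
    """Label one reply relative to the address local-data should return."""
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return "RCODE%d" % rcode
    if not addrs:
        return "NODATA"
    if set(addrs) == {expected_internal}:
        return "OK"
    return "LEAK"  # answered from a forwarder, not from local-data


def probe(resolver, qname, expected_internal, seconds, interval=0.2):
    """Poll the resolver for `seconds`; return [(t, status, addrs)] for bad replies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(1.0)
    findings, start, qid = [], time.monotonic(), 1
    while time.monotonic() - start < seconds:
        sock.sendto(build_query(qname, qid), (resolver, 53))
        try:
            data, _ = sock.recvfrom(4096)
            _rid, rcode, addrs = parse_response(data)
            status = classify(rcode, addrs, expected_internal)
        except socket.timeout:
            status, addrs = "TIMEOUT", []
        if status != "OK":
            findings.append((round(time.monotonic() - start, 2), status, addrs))
        qid = (qid + 1) & 0xFFFF
        time.sleep(interval)
    return findings


if __name__ == "__main__":
    # Offline demo on constructed packets; run probe("192.168.1.1", ...) live
    # while re-saving the hosts page to watch the real window.
    for pkt in (build_response(1, "intranet.example.org", 0, ["10.0.0.5"]),
                build_response(2, "intranet.example.org", 3, []),
                build_response(3, "intranet.example.org", 0, ["203.0.113.7"])):
        _, rc, ad = parse_response(pkt)
        print(classify(rc, ad, "10.0.0.5"), ad)
```

Run `probe()` against the firewall's resolver from a LAN host while triggering a restart (for example by saving the hosts page); any "NXDOMAIN" or "LEAK" entries mark the window the message describes, with timestamps relative to the start of the probe.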
Thread overview:
2018-05-28 6:17 Tapani Tarvainen
2018-05-29 11:57 ` Tapani Tarvainen [this message]
2018-05-29 16:05 ` Tapani Tarvainen
2018-05-29 19:30 ` Michael Tremer
2018-06-02 13:02 ` Tapani Tarvainen
2018-05-29 19:28 ` Michael Tremer