One widely debated behaviour of an authoritative name server is the nature of the response it sends back when asked for an FQDN for which it is non-authoritative. Until 2012R2, Windows DNS servers that have recursion disabled responded with an upward referral response, with a list of root name servers in the additional section. This behaviour can be exploited by attackers, who can send random queries to the DNS server and get an amplified response in return. This amplification...
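To audit a server for the behaviour described above, the following added example (not code from the original post) classifies a DNS reply as an upward referral and measures how much larger it is than the query. It assumes the referral carries NS records owned by the root zone in the authority section; the sample messages are constructed, uncompressed, and carry no glue records.

```python
import struct

def encode_name(name):
    parts = [p for p in name.split(".") if p]      # "." (root) encodes as a lone zero byte
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = end or off + 2                   # parsing resumes after the first pointer
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) + ".", end or off + 1

def is_upward_referral(resp):
    """True for a NOERROR, non-authoritative, answerless reply whose authority is all root NS."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", resp[:12])
    if not (flags & 0x8000) or flags & 0x0400 or flags & 0x000F or an or not ns:
        return False                               # needs QR=1, AA=0, RCODE=0, no answers
    off = 12
    for _ in range(qd):                            # skip each question: name + type + class
        off = read_name(resp, off)[1] + 4
    for _ in range(ns):
        owner, off = read_name(resp, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        if owner != "." or rtype != 2:             # 2 = NS
            return False
    return True

def amplification(query, resp):
    return len(resp) / len(query)

# Constructed sample messages (not captured traffic).
def ns_rr(target):
    rdata = encode_name(target)
    return b"\x00" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
QUESTION = encode_name("example.com") + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 0) + QUESTION
ROOTS = ["%s.root-servers.net" % c for c in "abcdefghijklm"]
REFERRAL = (struct.pack("!6H", 0x1234, 0x8000, 1, 0, len(ROOTS), 0) + QUESTION
            + b"".join(ns_rr(r) for r in ROOTS))
```

In an audit, feed `is_upward_referral` the raw UDP payload returned for a name the server is not authoritative for, and compare `amplification` before and after changing the server's configuration.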