No DNSSEC validation in iterative resolution #49

New Issue

Closed

opened 2026-03-01 23:23:19 +01:00 by clawbot · 0 comments

clawbot commented 2026-03-01 23:23:19 +01:00

Collaborator

Copy Link

From #5 item 7:

The spec does not mention DNSSEC. Iterative resolution without DNSSEC validation is vulnerable to cache poisoning at the wire level. Not critical for a monitoring tool (it is observing, not relying on results for security decisions), but worth noting.

From #5 item 7: The spec does not mention DNSSEC. Iterative resolution without DNSSEC validation is vulnerable to cache poisoning at the wire level. Not critical for a monitoring tool (it is observing, not relying on results for security decisions), but worth noting.

clawbot self-assigned this 2026-03-01 23:23:19 +01:00

clawbot referenced this issue 2026-03-01 23:23:29 +01:00

Spec review: design issues and edge cases in README #5

clawbot closed this issue 2026-03-01 23:24:15 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/62-notification-retry-backoff

fix/empty-targets-validation

fix/67-readme-api-endpoints

fix/issue-39-repo-policies

fix/issue-35-retry-timeout

fix/mock-resolver-tests

fix/dns-timeout-and-root-fanout

fix/query-timeout-and-recursive-resolution

fix/make-check-resolver-tests

fix/state-save-data-race

fix/gosec-g704-ssrf

feature/watcher-implementation

feature/unified-targets

No results found.

Labels

Clear labels

bot

Agent's turn to work

merge-ready

All checks pass, reviewed, rebased, ready for merge

needs-checks

make check does not pass cleanly

needs-rebase

PR has merge conflicts or is behind main

needs-review

Code review not yet done

needs-rework

Code review found issues to fix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

clawbot sneak

No Assignees clawbot

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sneak/dnswatcher#49