Knot Resolver vulnerability

https://seclists.org/oss-sec/2019/q3/49

{{{
Impact
======
Under certain circumstances, improper input validation bug in DNS
resolver component of Knot Resolver allows remote attacker to bypass
DNSSEC validation for non-existence answer. An NXDOMAIN answer would
get passed through to the client even if its DNSSEC validation failed,
instead of sending a SERVFAIL packet.

[Impact of exploitation (required)]:
Under certain circumstances this bug allows an attacker to hijack DNS domains.
}}}

??? Does this lead to hijacking?

There are implementations that cache the NS and A records accompanying the SOA record of a negative response.

2018-10-31 DNSSEC is dangerous http://www.e-ontap.com/blog/20181031.html

If that is what this is about, the Knot Resolver developers still have not explained it.

-- ToshinoriMaeno

This vulnerability is currently awaiting analysis.
https://nvd.nist.gov/vuln/detail/CVE-2019-10190

[[../CVE-2019-10191]]
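
A check for the behaviour the advisory describes, as an added example that is not part of the original page or of Knot Resolver: it decodes a resolver's reply to a query for a name whose denial-of-existence proof is known to be invalid and reports whether SERVFAIL or NXDOMAIN came back. It assumes a test zone you control with a deliberately broken proof; `judge_bogus_denial`, `make_reply` and the name `nx.bogus-denial.example` are hypothetical, and the sample replies are constructed.

```python
import struct

SERVFAIL, NXDOMAIN = 2, 3

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags = struct.unpack("!2H", msg[:4])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),  # 1 = response
        "ad": bool(flags & 0x0020),  # Authenticated Data
        "cd": bool(flags & 0x0010),  # Checking Disabled, copied from the query
        "rcode": flags & 0x000F,
    }

def judge_bogus_denial(msg: bytes) -> str:
    """Verdict on a reply to a query for a name whose denial proof is invalid."""
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response")
    if h["cd"]:
        return "inconclusive: CD=1, the client asked for no validation"
    if h["rcode"] == SERVFAIL:
        return "ok: SERVFAIL for a denial that failed validation"
    if h["rcode"] == NXDOMAIN:
        return "FAIL: NXDOMAIN passed through despite failed validation"
    return f"unexpected: rcode {h['rcode']}"

def make_reply(rcode: int, cd: bool = False) -> bytes:
    """Constructed sample reply (header + question), not captured traffic."""
    flags = 0x8180 | (0x0010 if cd else 0) | rcode  # QR, RD, RA set
    labels = b"nx.bogus-denial.example".split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    for reply in (make_reply(SERVFAIL), make_reply(NXDOMAIN), make_reply(NXDOMAIN, cd=True)):
        print(judge_bogus_denial(reply))
```

The CD case matters when testing: a query sent with Checking Disabled legitimately receives the unvalidated NXDOMAIN, so the test query must leave CD clear.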