Huston: KeyTrap!

Geoff Huston digs into the
details of the KeyTrap DNS vulnerability, which was disclosed in February.

It's by no means '[devastating]' for the DNS, and the fix is much the
same as the previous fix. As well as limiting the number of queries
that a resolver can generate to resolve a queried name, a careful
resolver will limit both the elapsed time and perhaps the amount of
the resolver's processing resources that are used to resolve any
single query name.

It's also not a novel discovery by the ATHENE folk. The
vulnerability was described five years ago by a student at the
University of Twente. I guess the issue was that the student failed
to use a sufficient number of hysterical adjectives in describing
this DNS vulnerability in the paper!