| Impact |
| + |
A remote attacker authorized to send queries can force the recursor to serve answers without DNSSEC-related records to DNSSEC-enabled queries, or can trick the recursor into thinking an authoritative server does not handle EDNS correctly, causing validation failures. A remote attacker authorized to send queries and controlling a malicious authoritative server can crash the recursor by making it send queries to their server then replying with crafted answers. |
|