Very Senior Member
nice catch.WHEW!!! Took me some time to find where I found that information. I've only been trying to wrap my mind around the issue since 7:39PM last night. and then posting on this thread when I could try to ask a coherent question, expressing my concern and to discover mitigations.
NOTE: Toward the End of the Security Now Podcast (I love that show too) They do emphasize that the problem resides with the DNS server being spoofed to provide you the Client with incorrect DNS. Bind, Unbound, and DNSmasq are vulnerable.
CVE-2020-25705 https://www.saddns.net/ [Discussion starts 1:15:13 into podcast] https://blog.cloudflare.com/sad-dns-explained/ https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html...www.snbforums.com
[At 1:54:43 into podcast] Leo Laporte mentions that the researchers told DNS Public Resolvers including Cloudflare about this issue before they published their paper.