Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that the Designate component in OpenStack would enter an infinite loop when processing an internal zone file transfer if a managed DNS zone included a resource record set whose size exceeded the limitations of the DNS protocol, leading to a denial of service. Only authenticated users with access to the Designate component can add such resource record sets. Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Public via: http://seclists.org/oss-sec/2015/q3/226
Upstream bug: https://bugs.launchpad.net/designate/+bug/1471161 External References: http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
Created openstack-designate tracking bugs for this issue: Affects: openstack-rdo [bug 1247952]