====== KeyTrap ======

{{htmlmetatags> metatag-media-og:image=(:f:start:dns-icon.png) metatag-og:title=(KeyTrap) }}

{{ :f:start:dns-icon.png?200 |}} \\

KeyTrap is a vulnerability in the DNSSEC specification that lets an attacker mount a denial-of-service attack using a single DNS packet. KeyTrap is tracked as [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387|CVE-2023-50387]].

===== Terms and Definitions =====

==== DNS ====

DNS((https://datatracker.ietf.org/doc/html/rfc1035)) (Domain Name System) is a system in computer networking that maps domain names, such as wiki.charles.systems, to the IP addresses of the physical machines hosting websites, such as 188.114.96.3.

DNS is a core part of how the internet functions. Initially a manually moderated text file mapping domains to IPs, DNS eventually grew into a distributed network of domain-resolving machines.((https://datatracker.ietf.org/doc/html/rfc3467))

==== DNSSEC ====

DNSSEC((https://datatracker.ietf.org/doc/html/rfc9364)) (Domain Name System Security Extensions) is a set of extensions to DNS that cryptographically authenticate the origin of data sent via DNS.

===== Vulnerability Overview =====

Todo

===== Section 2 =====

Todo