DNS Attacks
Les Mikesell
lesmikesell at gmail.com
Fri Jul 25 17:23:39 UTC 2008
bruce wrote:
> As I understand the issue, the issue is one of being able to poison the DNS
> app on the DNS server. There's not really much the casual user can do, aside
> from switching to another DNS/IP address that's safe. But the rub is, do you
> really know if the DNS/IP you're switching to is safe?
If you are really paranoid (or about to do large transactions on what
you hope is your banking site), you could do a 'whois' lookup for the
target domain to find their own name servers and send a query directly
there for the target site.
> The best approach would probably be a system to allow you to poll a few DNS
> servers, and to take the returned IP address that comes back from most of
> them as the "correct" IP address! But this isn't implemented anywhere as
> far as I know....
dig @dns_server target_name
will send a query to a specified DNS resolver. Most public-facing
servers will only resolve the names of their own zones, especially now.
I think the current vulnerability only involves cached addresses for
which the server is not primary or secondary.
--
Les Mikesell
lesmikesell at gmail.com
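An added example, not part of the thread, of the cross-check the two messages describe: compare each recursive resolver's cached A records with the majority answer and, when you have it, with the answer fetched directly from the domain's own authoritative servers. Resolver addresses and records are constructed values from the RFC 5737 documentation ranges.

```python
"""Cross-check cached DNS answers against a majority poll and against the
authoritative servers' own answer (added example; sample data is constructed)."""
from collections import Counter
from typing import Dict, FrozenSet, Optional

Answer = FrozenSet[str]  # the set of IPv4 addresses one resolver returned for a name

# Constructed answers from three recursive resolvers for one bank-like hostname.
# Addresses are RFC 5737 documentation ranges, not real servers.
SAMPLE: Dict[str, Answer] = {
    "192.0.2.53": frozenset({"198.51.100.10", "198.51.100.11"}),
    "192.0.2.54": frozenset({"198.51.100.11", "198.51.100.10"}),  # same records, round-robin order
    "203.0.113.53": frozenset({"203.0.113.66"}),                  # cache handing out a different host
}
# What 'dig @<authoritative ns> target' returned directly (constructed).
AUTHORITATIVE: Answer = frozenset({"198.51.100.10", "198.51.100.11"})


def consensus(answers: Dict[str, Answer]) -> Optional[Answer]:
    """Return the answer set given by a strict majority of resolvers, or None on a tie.

    Answers are compared as sets, so round-robin ordering is not a disagreement."""
    if not answers:
        return None
    best, votes = Counter(answers.values()).most_common(1)[0]
    return best if votes * 2 > len(answers) else None


def suspicious_resolvers(answers: Dict[str, Answer],
                         authoritative: Optional[Answer] = None) -> Dict[str, str]:
    """Map each resolver whose cached answer should not be trusted to the reason.

    The authoritative answer is the reference when it is available: a poisoned
    majority would still out-vote an honest minority.  Legitimate geo- or
    CDN-based DNS can also make honest resolvers differ, so treat a hit as a
    reason to check further, not as proof of poisoning."""
    if authoritative is not None:
        reference, basis = authoritative, "authoritative"
    else:
        reference, basis = consensus(answers), "majority"
    if reference is None:
        return {r: "no majority answer and no authoritative answer to compare with"
                for r in answers}
    return {r: f"differs from {basis} answer {sorted(reference)}"
            for r, got in answers.items() if got != reference}


if __name__ == "__main__":
    for resolver, why in suspicious_resolvers(SAMPLE, AUTHORITATIVE).items():
        print(f"{resolver}: {why}")
```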