DNS Attacks

Les Mikesell lesmikesell at gmail.com
Fri Jul 25 17:23:39 UTC 2008


bruce wrote:
> As I understand the issue. The issue is one of being able to poison the DNS
> app on the DNS server. There's not really much the casual user can do, aside
> from switching to another DNS/IP address that's safe. But the rub is, do you
> really know if the DNS/IP you're switching to is safe!

If you are really paranoid (or about to do large transactions on what 
you hope is your banking site), you could do a 'whois' lookup for the 
target domain to find their own name servers and send a query directly 
there for the target site.

> The best approach, would probably be a system to allow you to poll a few DNS
> servers, and to take the returned ip address that comes back from the most
> of them as the "correct" ip address!! but this isn't implemented anywhere as
> far as i know....

dig @dns_server target_name
will send a query to a specified DNS resolver.  Most public-facing 
servers will only resolve the names of their own zones, especially now. 
I think the current vulnerability only involves cached addresses for 
which the server is not primary or secondary.

-- 
   Les Mikesell
    lesmikesell at gmail.com
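The two ideas in the message above, querying a domain's own name servers directly with `dig @server` and taking the answer most servers agree on, combined into one script. This is an added example, not code from the mailing-list thread. It assumes `dig` (BIND utilities) is installed; it obtains the name servers with a DNS `NS` query instead of the `whois` lookup Les mentions (same information, easier to parse), and `www.example.com` / `example.com` are placeholder names. The check only shows that the authoritative servers agree with each other, which is exactly what a poisoned recursive cache cannot influence; it says nothing about the trustworthiness of those servers themselves.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `dig` is available.

# majority_answer: read "server answer" lines on stdin and print the answer
# returned by the most servers, followed by its count and the total count.
# Exits non-zero if there were no answers at all.
majority_answer() {
    awk '{ votes[$2]++; total++ }
         END {
           if (total == 0) exit 1
           best = ""; bc = 0
           for (a in votes) if (votes[a] > bc) { bc = votes[a]; best = a }
           print best, bc, total
         }'
}

# authoritative_ns: list the NS host names for a zone (stand-in for whois).
authoritative_ns() {
    dig +short NS "$1"
}

# check_host: ask each authoritative server of ZONE directly for HOST's A
# record (dig @server, as in the post) and report the majority answer.
# Usage: check_host www.example.com example.com   (placeholder names)
check_host() {
    host="$1"; zone="$2"
    for ns in $(authoritative_ns "$zone"); do
        ip=$(dig +short @"$ns" A "$host" | head -n 1)
        if [ -n "$ip" ]; then
            printf '%s %s\n' "$ns" "$ip"
        fi
    done | majority_answer
}
```

Run it as `check_host www.example.com example.com`; the last line printed is the winning address, how many servers returned it, and how many servers answered, so a split vote is visible at a glance.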

More information about the fedora-list mailing list