Security Basics mailing list archives

Re: How DNS works


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 1 Apr 2006 22:07:46 +0200

On 2006-04-01 Craig Wright wrote:
> To alleviate some ignorance regarding the DNS process and public
> servers.
>
> 1 DNS
>
> DNS Servers are public if they are a part of the public domain
> hierarchy. This is NOT that they are on the Internet. This is NOT if
> anyone can connect to port 53 and use them.
>
> DNS Servers are public if and ONLY if they have become an authorised
> part of the DNS infrastructure.
>
> This is a contractual agreement. To connect a DNS Server to the
> hierarchy it needs to serve a domain. To do this the higher level
> domain server and your domain system have an agreement - a contract
> (and please contracts are not required to be written) which exists
> with implied rights and restraints as dictated by the Internet
> community and the standards associated with use and the various domain
> bodies.

Says who? Is that your belief? An Internet standard? A law?

But it doesn't matter anyway, so let's take it as given for now.

> How this works;
>
> Say I want to register ignorant.com
>
> I have to go to a register and apply to register the domain (in this
> case with a .com authority). There are terms in the contract which is
> formed.
>
> Thus the name servers which are listed in the application and thus in
> the DNS hierarchy are public.

Irrelevant to this discussion.

> If I stick a server -ex ignorant.private
>
> On the internet for the use of the Internal network, then this is
> PRIVATE.

Wrong. If you want a nameserver for your internal network then put it
into your internal network. If you put it on the Internet, there is no
way anyone could know you'd want it to be private.

What you said above about DNS refers to the public Domain Name System,
and in fact I cannot have a nameserver be part of this system without
registering it. However, I can very well have a PUBLIC nameserver that
is NOT PART of this system.

> If it is secure or not has NO relevance to the status of being public
> or private - this is a separate issue.

True.

> 2 Google and robots.txt
>
> Web servers are placed on the Internet for a public function UNLESS
> there is a mechanism to control or restrict access (a password for
> example). Private servers do not need to be secure, but there needs to
> be "some" attempt to restrict access (VERY lame attempts included)

Exactly what I said.

> There is an applied contractual agreement for public use of the site
> made by the act of placing the data as a public site. This is dictated
> by the standards associated with the protocol. - see RFCs and
> standards for details.

Bullshit. Sorry, but there's no other word for this. You can't have a
"contractual agreement" with the public. Who of "the public" do you
think agreed to it?

> "robots.txt" is a valid part of the standard.

What standard? "robots.txt" is not part of any standard, it's a
convention.

> Google does not scan the internet for IP addresses that have port 80
> open. It does not scan to see if web servers are available on other
> ports. It links from other sites. This is the purpose of the web.

That wasn't the question here. How does Google get permission to access
a server, so it can read the robots.txt in the first place? Even if the
spider follows links, it must start somewhere.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
