Penetration Testing mailing list archives
Re: [PEN-TEST] DNS testing tool
From: Simon Waters <Simon () wretched demon co uk>
Date: Wed, 7 Mar 2001 23:29:13 +0000
Laura Nuñez wrote:
> Hi all,
>
> I am trying to find any tool to pen test a DNS server, or documentation about best practices to set it up. I have this, at the moment:
>
> - Disable Zone Transfers
> - Assign reverse DNS to only those hosts that require it
> - Split DNS for internal hosts
> - Apply fixes, version upgrades to avoid known vulnerabilities
> - Don't include additional info records
>
> Is there something else I should account for? Or tools to check this automatically? I have been using SamSpade for Zone Transfers.

There is a DNS audit document floating somewhere on the Internet - e-mail me if you don't find anything promising.

I'm about to review DNS Expert from Mice and Men - no idea yet but it gets good reviews - some security stuff is hard to automate as it implies you need to have both valid and invalid IP - nslookup can do zone transfers so no need to install extra software everywhere.

Delegation problems are one of the most common - affects resistance to DoS if your delegation is iffy, inappropriate use of CNAME's, inconsistent SOA's, BIND version is returned (for the paranoid), inappropriate use of DDNS.

I keep adding stuff to my list of things to check for my DNS audits....

Simon
--
Want to learn about Linux? Get it installed?
Devon and Cornwall LUG Event for UK Linux Day
Exeter University - Sunday April 29th 2001 10:00 to 17:00
www.linuxday.org.uk or join D&C LUG www.lug.termisoc.org
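
Several of the checks named in the reply above (delegation, SOA consistency, returned version string, CNAME use) can be run offline against data already collected from your own servers. The following Python sketch is an added example, not part of the original post or any tool mentioned in it; the function name `audit_zone`, the input layout and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

def audit_zone(parent_ns, servers, records):
    """Offline DNS audit. All inputs are data you collected beforehand.
    parent_ns: NS names in the parent zone's delegation.
    servers:   {ns: {"serial": int or None, "ns": set, "version": str or None}}
               (serial None means the server gave no authoritative answer).
    records:   (owner, rtype, rdata) tuples from the zone file.
    """
    findings = []
    for ns, ans in sorted(servers.items()):
        if ans["serial"] is None:
            findings.append(f"lame delegation: {ns} is not authoritative")
        elif ans["ns"] != set(parent_ns):
            findings.append(f"NS mismatch between parent and {ns}")
        if ans["version"]:
            findings.append(f"version disclosed by {ns}: {ans['version']}")
    # Every authoritative server should serve the same SOA serial.
    serials = sorted({a["serial"] for a in servers.values() if a["serial"] is not None})
    if len(serials) > 1:
        findings.append(f"inconsistent SOA serials: {serials}")
    # A CNAME owner must carry no other data, and NS/MX must not target a CNAME.
    types = defaultdict(set)
    for owner, rtype, _ in records:
        types[owner].add(rtype)
    cnames = {o for o, t in types.items() if "CNAME" in t}
    for owner in sorted(cnames):
        extra = sorted(types[owner] - {"CNAME"})
        if extra:
            findings.append(f"CNAME at {owner} coexists with {extra}")
    for owner, rtype, rdata in records:
        target = rdata.split()[-1]
        if rtype in ("NS", "MX") and target in cnames:
            findings.append(f"{rtype} at {owner} points to CNAME {target}")
    return findings

# Constructed sample data (example.com names and values, not from the thread).
PARENT_NS = ["ns1.example.com.", "ns2.example.com.", "ns3.example.com."]
SERVERS = {
    "ns1.example.com.": {"serial": 2001030701, "ns": set(PARENT_NS), "version": "9.9.9-constructed"},
    "ns2.example.com.": {"serial": 2001030601, "ns": set(PARENT_NS[:2]), "version": None},
    "ns3.example.com.": {"serial": None, "ns": set(), "version": None},
}
RECORDS = [
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "CNAME", "host1.example.com."),
    ("www.example.com.", "CNAME", "host1.example.com."),
    ("www.example.com.", "A", "192.0.2.10"),
    ("host1.example.com.", "A", "192.0.2.10"),
]
FINDINGS = audit_zone(PARENT_NS, SERVERS, RECORDS)
```
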