Vulnerability Development mailing list archives

DNS exploit


From: George <georger () NLS NET>
Date: Tue, 22 Aug 2000 22:26:37 -0400

Here's an interesting DNS exploit. I'll give the full steps like I wanted to
take down an ISP's name servers.

First, find an ISP willing to run secondary DNS for you.

Register a domain, only list the ISP's DNS servers as authoritative for the
domain but have the ISP set up to run secondary to your DNS server.

OK, now create a domain.com zone. In that zone create an A record for
www.domain.com and then create a CNAME for domain.com and point it to
www.domain.com.

Let it replicate out to the ISP's servers, then do a bunch of queries for
domain.com from their servers. Takes a little time but it basically creates
a really nasty loop. (not sure if it happens with all DNS servers)

For an ISP who is willing to run secondary DNS I don't see any way to
protect against this type of thing. I've not investigated if it could be
used against cache in an unrelated DNS server but I suppose it's possible.

Geo.
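As an added example (not part of Geo's post, and not code from any DNS server), here is the kind of sanity check an operator who agrees to run secondary DNS could run over a zone before loading it. It parses a minimal BIND-style zone text and reports two things: a CNAME that coexists with other records at the same owner name, which RFC 1034 section 3.6.2 forbids (the zone described above does this at the apex, since the apex always carries SOA and NS records), and CNAME chains that loop back on themselves. The zone text, the names domain.com, ns1.isp.example and ns2.isp.example, and the address 192.0.2.10 are all constructed for the example; the loop check goes beyond the post by also catching two CNAMEs that point at each other.

```python
"""Pre-load sanity checks for a zone a secondary has agreed to carry.

Constructed example, not from the original post.  Handles a minimal
BIND-style zone: one record per line, optional TTL and class, '@' and
relative owner names, $ORIGIN and $TTL directives, ';' comments.
"""
from collections import defaultdict


def qualify(name, origin):
    """Turn '@' or a relative name into a lower-case fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()


def parse_zone(text, origin):
    """Return {owner: {rrtype: [rdata, ...]}} for the zone text."""
    origin = origin.rstrip(".").lower() + "."
    rrsets = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower() + "."
            continue
        if line.startswith("$"):
            continue                              # $TTL etc. are irrelevant here
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():            # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":      # optional class
            rest = rest[1:]
        rtype = rest[0].upper()
        rdata = " ".join(rest[1:])
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)        # so chains can be followed
        rrsets[qualify(owner, origin)][rtype].append(rdata)
    return rrsets


def cname_conflicts(rrsets):
    """Owners that carry a CNAME together with any other record type.

    RFC 1034 3.6.2: if a CNAME is present at a node, no other data should be
    present.  An apex CNAME always trips this because of the SOA and NS RRs.
    """
    return sorted(owner for owner, types in rrsets.items()
                  if "CNAME" in types and len(types) > 1)


def cname_loops(rrsets):
    """Owners whose CNAME chain, followed inside this zone, revisits a name."""
    loops = []
    for owner, types in rrsets.items():
        if "CNAME" not in types:
            continue
        seen, cur = [owner], owner
        while True:
            cname = rrsets.get(cur, {}).get("CNAME")   # .get() avoids creating entries
            if not cname:
                break                 # chain ends at real data or leaves the zone
            target = cname[0]
            if target in seen:
                loops.append(owner)
                break
            seen.append(target)
            cur = target
    return sorted(loops)


# Constructed zone modelled on the post: apex CNAME -> www, plus a real cycle.
ZONE = """
$ORIGIN domain.com.
$TTL 3600
@       IN SOA   ns1.isp.example. hostmaster.domain.com. 2000082201 7200 900 604800 3600
@       IN NS    ns1.isp.example.
@       IN NS    ns2.isp.example.
www     IN A     192.0.2.10
@       IN CNAME www
; two CNAMEs pointing at each other, to show what an actual cycle looks like
a       IN CNAME b
b       IN CNAME a
"""

if __name__ == "__main__":
    rrsets = parse_zone(ZONE, "domain.com")
    print("CNAME with other data at:", cname_conflicts(rrsets))
    print("CNAME loops starting at: ", cname_loops(rrsets))
```

Run against the constructed zone it reports the apex (`domain.com.`) as a CNAME coexisting with other data and `a.domain.com.` / `b.domain.com.` as a loop; a secondary operator would refuse to serve a zone that fails either check. BIND's own `named-checkzone` performs the same CNAME-and-other-data check; the script is here to make the check itself visible and to extend it to chain following.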

