Vulnerability Development mailing list archives
Re: DNS exploit
From: "Chris A. Mattingly" <chris.mattingly () INTERPATH NET>
Date: Wed, 23 Aug 2000 07:16:02 -0400
BIND 8.2.3-T5B doesn't seem to be vulnerable to this, since it won't even load a zone file with a CNAME for the domain. (e.g. @ IN CNAME www.domain.com.)

-Chris

George wrote:

Here's an interesting DNS exploit. I'll give the full steps like I wanted to take down an ISP's name servers. First, find an ISP willing to run secondary DNS for you. Register a domain, only list the ISP's DNS servers as authoritative for the domain but have the ISP set up to run secondary to your DNS server. Ok, now create a domain.com zone. In that zone create an A record for www.domain.com and then create a CNAME for domain.com and point it to www.domain.com. Let it replicate out to the ISP's servers, then do a bunch of queries for domain.com from their servers. Takes a little time but it basically creates a really nasty loop. (not sure if it happens with all DNS servers)

For an ISP who is willing to run secondary DNS I don't see any way to protect against this type of thing. I've not investigated if it could be used against cache in an unrelated DNS server but I suppose it's possible.

Geo.
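The load-time refusal mentioned in the reply (a zone with a CNAME at the domain name itself) can also be checked before a zone is accepted for secondary service. The following is an added example, not part of the original posts and not BIND's code: the function names and sample zone are constructed, and the parser assumes one record per line with numeric TTLs. It goes slightly beyond the apex case and flags any owner name where a CNAME coexists with other records, which RFC 1034 section 3.6.2 disallows.

```python
# Added example: flag zone owners where a CNAME coexists with other data.
# Simplified parser: one record per line, no parenthesised multi-line records.
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def cname_conflicts(zone_text, origin):
    """Return {owner: sorted types} for owners holding CNAME plus anything else."""
    types = defaultdict(set)
    owner = origin.lower()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                           # $TTL etc. not needed here
        if not raw[0].isspace():               # owner name starts in column one
            owner = fqdn(fields.pop(0), origin)
        # skip optional TTL and class, in either order
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if fields:
            types[owner].add(fields[0].upper())
    return {o: sorted(t) for o, t in types.items() if "CNAME" in t and len(t) > 1}

# Constructed sample zone using the names from the post.
BAD_ZONE = """\
$TTL 3600
@    IN SOA   ns1.domain.com. hostmaster.domain.com. 1 3600 900 604800 3600
     IN NS    ns1.domain.com.
@    IN CNAME www.domain.com.
www  IN A     192.0.2.10
ns1  IN A     192.0.2.53
"""
# Same zone with the CNAME moved to its own name, which is legal.
GOOD_ZONE = BAD_ZONE.replace("@    IN CNAME", "ftp  IN CNAME")
```

Because the apex of a zone always carries SOA and NS records, a CNAME there is always reported; a secondary can run a check like this on a transferred zone and refuse to serve it.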
Current thread:
- DNS exploit George (Aug 22)
- Re: DNS exploit Chris A. Mattingly (Aug 23)
- Re: DNS exploit Gordon Messmer (Aug 23)
- Re: DNS exploit Geo. (Aug 24)
- Re: DNS exploit Ryan Permeh (Aug 24)
- Re: DNS exploit Chris A. Mattingly (Aug 24)
- Re: DNS exploit Geo. (Aug 24)