Re: DNS exploit

["Chris A. Mattingly" <chris.mattingly () INTERPATH NET>]

BIND 8.2.3-T5B doesn't seem to be vulnerable to this, since it
won't even load a zone file with a CNAME for the domain.
(e.g.     @  IN  CNAME  www.domain.com. )

-Chris

George wrote:
> Here's an interesting DNS exploit. I'll give the full steps like I wanted to
> take down an ISP's name servers.
>
> First, find an ISP willing to run secondary DNS for you.
>
> Register a domain, only list the ISP's DNS servers as authorative for the
> domain but have the ISP set up to run secondary to your DNS server.
>
> Ok, now create a domain.com zone. In that zone create an A record for
> www.domain.com and then create a Cname for domain.com and point it to
> www.domain.com.
>
> Let it replicate out to the ISP's servers, then do a bunch of queries for
> domain.com from their servers. Takes a little time but it basically creates
> a really nasty loop. (not sure if it happens with all DNS servers)
>
> For an ISP who is willing to run secondary DNS I don't see any way to
> protect against this type of thing. I've not investigated if it could be
> used against cache in an unrelated DNS server but I suppose it's possible.
>
> Geo.

Attachment: chris.mattingly.vcf
Description: Card for Chris A. Mattingly

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature