Vulnerability Development mailing list archives

Re: DNS exploit

From: Ryan Permeh <Ryan () EEYE COM>
Date: Thu, 24 Aug 2000 10:03:43 -0700

forgive me if i'm mistaken, but this should simply return 127.0.0.1 on a
request for both www.domain.com. and domain.com.
this should be totally legit, and should cause no problems.  again, as
someone else asked, where is the DoS in this?  and what type of nameservers
DO this affect badly?
Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com
----- Original Message -----
From: "Geo." <georger () NLS NET>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, August 24, 2000 5:56 AM
Subject: Re: DNS exploit

The record should look like this for all you who want to test your dns.

  @                       CNAME   www
  www                     A       127.0.0.1

Geo.

The "BIND" name server won't be seriously affected by this.  First, if
you attempt to have a hostname that has both an "A" record and a CNAME,
the domain will be rejected outright.  You'll see errors like this:> MSG

Current thread:

DNS exploit George (Aug 22)
- Re: DNS exploit Chris A. Mattingly (Aug 23)
- Re: DNS exploit Gordon Messmer (Aug 23)
  - Re: DNS exploit Geo. (Aug 24)
    - Re: DNS exploit Ryan Permeh (Aug 24)
    - Re: DNS exploit Chris A. Mattingly (Aug 24)