Vulnerability Development mailing list archives

Re: DNS exploit

From: "Chris A. Mattingly" <chris.mattingly () INTERPATH NET>
Date: Thu, 24 Aug 2000 12:45:45 -0400

"Geo." wrote:


The record should look like this for all you who want to test your dns.

  @                       CNAME   www
  www                     A       127.0.0.1

Geo.

The "BIND" name server won't be seriously affected by this.  First, if
you attempt to have a hostname that has both an "A" record and a CNAME,
the domain will be rejected outright.  You'll see errors like this:> MSG


As has been said before, bind will not accept a CNAME for the
domain record.  Maybe other DNS implementations do, but not
the latest stable version of bind.

This is due to the fact that the domain name has other information
associated with it and CNAME records cannot/should not have any
other information other than what record they're CNAME'ed to.

-Chris

Attachment: chris.mattingly.vcf
Description: Card for Chris A. Mattingly

Current thread:

DNS exploit George (Aug 22)
- Re: DNS exploit Chris A. Mattingly (Aug 23)
- Re: DNS exploit Gordon Messmer (Aug 23)
  - Re: DNS exploit Geo. (Aug 24)
    - Re: DNS exploit Ryan Permeh (Aug 24)
    - Re: DNS exploit Chris A. Mattingly (Aug 24)