Penetration Testing mailing list archives
Re: [PEN-TEST] DNS testing tool
From: Max Vision <vision () WHITEHATS COM>
Date: Wed, 7 Mar 2001 16:32:14 -0800
On Wed, 7 Mar 2001, Simon Waters wrote:
Laura Nu?ez wrote:I am trying to find any tool to pen test a DNS server, or documentation about best practices to set it up.I'm about to review DNS Expert from Mice and Men - no idea yet but it gets good reviews - some security stuff is hard to automate as it implies you need to have both valid and invalid IP - nslookup can do zone transfers so no need to install extra software everywhere.
DNS Expert is excellent for troubleshooting DNS configuration issues, but it only touches on security very briefly (spoofing vulnerability and SMTP mail relay - though that's not really a DNS function IMHO). I saw a decent overview of DNS security here: http://www.acmebw.com/papers/securing.pdf -stay current -restrict zone transfers -authenticate axfr with tsig (wh00ps!:) -restrict dynamic updates -protect against spoofing -turn off recursion -turn off flue fetching -restrict queries -restrict recursive queries -split service name servers Max
Current thread:
- [PEN-TEST] DNS testing tool Laura Nuñez (Mar 07)
- Re: [PEN-TEST] DNS testing tool William D. Colburn (aka Schlake) (Mar 07)
- Re: [PEN-TEST] DNS testing tool Gary E. Miller (Mar 07)
- Re: [PEN-TEST] DNS testing tool Noel Rosenberg (Mar 07)
- Re: [PEN-TEST] DNS testing tool Simon Waters (Mar 07)
- Re: [PEN-TEST] DNS testing tool Max Vision (Mar 07)
- Re: [PEN-TEST] DNS testing tool van der Kooij, Hugo (Mar 08)
- <Possible follow-ups>
- Re: [PEN-TEST] DNS testing tool Malf Easance (Mar 07)
- Re: [PEN-TEST] DNS testing tool JJ (Mar 09)