Penetration Testing mailing list archives

Re: [PEN-TEST] DNS testing tool


From: Max Vision <vision () WHITEHATS COM>
Date: Wed, 7 Mar 2001 16:32:14 -0800

On Wed, 7 Mar 2001, Simon Waters wrote:
> Laura Nuñez wrote:
>> I am trying to find any tool to pen test a DNS server, or
>> documentation about best practices to set it up.
>
> I'm about to review DNS Expert from Mice and Men - no idea yet but it
> gets good reviews - some security stuff is hard to automate as it
> implies you need to have both valid and invalid IP - nslookup can do
> zone transfers so no need to install extra software everywhere.


DNS Expert is excellent for troubleshooting DNS configuration issues, but
it only touches on security very briefly (spoofing vulnerability and SMTP
mail relay - though that's not really a DNS function IMHO).

I saw a decent overview of DNS security here:
http://www.acmebw.com/papers/securing.pdf

-stay current
-restrict zone transfers
-authenticate axfr with tsig (wh00ps!:)
-restrict dynamic updates
-protect against spoofing
-turn off recursion
-turn off glue fetching
-restrict queries
-restrict recursive queries
-split service name servers

Max
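
Added example, not part of the original post or of the paper it links: a small audit that checks a named.conf for the checklist items above that map to a single statement. It assumes the server is BIND; the statement names (allow-transfer, allow-update, allow-query, allow-recursion, recursion, fetch-glue) are BIND's, while the item-to-statement mapping, the audit() helper and both sample configs are constructed for illustration.

```python
import re

# Checklist item -> named.conf statement that holds an address match list.
# The item-to-statement mapping is this example's assumption, not the page's.
ACLS = {
    "restrict zone transfers": "allow-transfer",
    "restrict dynamic updates": "allow-update",
    "restrict queries": "allow-query",
    "restrict recursive queries": "allow-recursion",
}
SWITCHES = {"turn off recursion": "recursion", "turn off glue fetching": "fetch-glue"}

def audit(conf):
    """Return one finding per checklist item the config does not pin down."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # drop comments
    findings = []
    for item, stmt in ACLS.items():
        bodies = re.findall(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(stmt), conf)
        elems = [e.strip() for b in bodies for e in b.split(";") if e.strip()]
        if not bodies:
            findings.append(f"{item}: no {stmt} statement")  # missing counts as unpinned
        elif "any" in elems:
            findings.append(f"{item}: {stmt} contains 'any'")
        if stmt == "allow-transfer" and bodies and not any(e.split()[0] == "key" for e in elems):
            findings.append("authenticate axfr with tsig: allow-transfer names no key")
    for item, stmt in SWITCHES.items():
        m = re.search(r"(?<![\w-])%s\s+(\w+)\s*;" % re.escape(stmt), conf)
        if not m or m.group(1) != "no":
            findings.append(f"{item}: {stmt} is not explicitly 'no'")
    return findings

# Constructed sample configs (not from the thread).
WEAK = """
options {
    allow-transfer { any; };   // anyone may AXFR
    recursion yes;
};
zone "example.com" { type master; file "db.example.com"; allow-update { any; }; };
"""
HARDENED = """
options {
    allow-transfer { key xfer-key; };   # key definition omitted here
    allow-update { none; };
    allow-query { 192.0.2.0/24; };
    allow-recursion { none; };
    recursion no;
    fetch-glue no;
};
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A missing statement is reported rather than assumed safe, because the effective default differs between BIND versions.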

