Vulnerability Development mailing list archives
Re: (lame) spoofing DNS with hosts files...
From: salo <salo () Xtrmntr org>
Date: Tue, 21 Aug 2001 05:33:24 +0200
hi there, On Mon, Aug 20, 2001 at 08:24:14PM +0400, Mitino-PTT support wrote:
i think first operating system looks hosts file and then (if not true) makes a dns query
in fact this is not true (i do not know how it works in windows). this is only default configuration on dns-resolver-based-lookups hosts. magical place where it is all configured is /etc/nsswitch.conf, directive "hosts". typically it looks as follows: hosts: files dns this will cause internal resolver to look into /etc/hosts first and only if nothing appropriate is found there ask first external resolver defined in /etc/resolv.conf so if you want to skip /etc/hosts, simply change that line to: hosts: dns and your host will always ask external resolver for dns lookups. there are another possibilities like ask nis resolver, etc. -> man nsswitch.conf in your favorite UNIX-like OS
its not a bug or vulnerability it is feature (which came from ancient times when there was no domain name system on the Earth)
/etc/hosts is especially usable in small LANs without external resolver/dns server configured, etc.
i think it is not a topic for this list
sure. this is topic for "fundamentals of [insert your favorite OS here]" ond "newbie to dns".
C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts C:\WINDOWS>ping www.hotmail.com Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data: Reply from 192.168.1.2: bytes=32 time=38ms TTL=255 Ping statistics for 192.168.1.2: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 38ms, Maximum = 38ms, Average = 38ms Control-C Tested the same thing under linux too... no suprises really I spose just something to ponder...
what about placing: zone "." { type master; file "surprise"; }; into your 'named.conf' and then put: * IN A 127.0.0.1. into 'surprise' and starting bind? you have whole internet on your desk! great, isn't it? no, it is not. please read some documents describing how dns resolving and OS you are using work and get a clue about it. thank you -- -- salo <salo () Xtrmntr org> ASCII Ribbon campaign against /"\ -- -- <salo () silcnet org> e-mail in gratuitous HTML and \ / -- -- Microsoft proprietary formats X -- -- http://Xtrmntr.org/salo.pgp / \ --
Current thread:
- (lame) spoofing DNS with hosts files... .MetsyS. (Aug 20)
- Re: (lame) spoofing DNS with hosts files... Nelson Brito (Aug 20)
- <Possible follow-ups>
- Re: (lame) spoofing DNS with hosts files... Mitino-PTT support (Aug 20)
- Re: (lame) spoofing DNS with hosts files... .MetsyS. (Aug 20)
- Re: (lame) spoofing DNS with hosts files... salo (Aug 20)
- RE: (lame) spoofing DNS with hosts files... John Thornton (Aug 21)