Hijacking third party DNS servers?
Tim Maestas
tmaestas at dnsconsultants.com
Sat Feb 24 00:15:28 UTC 2001
It is true to say that any publicly addressed server
on the internet is free to be queried for a given
domain if it is advertised as authoritative for that
domain. If you don't like people querying for hosts
in zones you do not host, do as the quoted excerpt
suggests and restrict recursion. If you are a caching
only nameserver, and only want your known clients to
be able to query it, then restrict queries.
-Tim
------------------------------------------
http://www.dnsconsultants.com
DNS and other network consulting
------------------------------------------
On 23 Feb 2001 scheidell at fdma.com wrote:
> Due to the great number of DNS problems, we have been monitoring our DNS
> servers closely.
>
> What we have started to find, is new 'improved' programs that are
> attempting to use OUR DNS cache for their queries (rather than
> root.servers, or their isp's servers)
>
> I think this is similar to mail relay rape: you are asking my server to do
> YOUR work. If you send email to MY host and ask me to relay it to a
> third host, neither of which I own, maintain or have MX records for, it is
> theft of services. If you ask MY host to resolve a query for YOU, and I
> don't maintain YOUR host, and I don't provide DNS records for that third
> host, it's theft of services (no matter how small).
>
> If you send a query to my dns server, and I do not host YOU, and I do not
> host the TARGET, then you are asking my server to spend ITS CPU cycles
> looking up information for YOU, when your server is supposed to do the
> same thing.
>
> Here is an excerpt, I disagree on the 'any server on the ..net is
> available to be touched'
>
> As far as 'damaging', no, if just ONE person did it, it would not hurt,
> but what about hundreds or thousands doing it?
>
> "I do disagree with you that it is theft of services to ask a publicly
> addressed DNS server for a simple DNS reply. Any server on the Internet is
> available to be touched as long as it is not malicious or damaging. What
> we are doing is no different than pinging, and I seriously doubt you would
> say it is "theft" to ping a server once in a while that is open to pings.
> Anyone who doesn't want their DNS server to be queried is free to block
> recursive or other lookups from networks they don't control. This is a
> fact. "
>
> --
> Michael Scheidell
> Florida Datamation, Inc.
> scheidell at fdma.com / 1+(561) 368-9561
> Internet Security and Consulting
> See updated IT Security News at http://www.fdma.com
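The advice in Tim's reply (restrict recursion, and for a caching-only server restrict queries) expressed as a BIND 9 named.conf fragment. This is an added example, not configuration posted in the thread; the acl name "trusted", the network ranges and the zone name are assumptions.

```conf
// Added example (not from the thread): a BIND 9 server that is
// authoritative for one zone and recursive only for its own clients.

// Clients allowed to use this server as a recursive resolver.
// The ranges are placeholders for the operator's own networks.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;        // assumed internal client range
};

options {
    // Recursive lookups for names we do not host are answered only
    // for known clients; everyone else gets REFUSED.
    allow-recursion { trusted; };

    // Answers already in the cache are likewise served only to clients,
    // so outsiders cannot read (or rely on) the cache contents.
    allow-query-cache { trusted; };

    // For a caching-only server with no zones of its own, this global
    // setting alone restricts all queries to known clients.
    allow-query { trusted; };
};

// A zone this server is authoritative for stays publicly answerable,
// which is the legitimate case for arbitrary Internet hosts to query it.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

A quick check from an address outside the acl is `dig @<server> www.example.net`, which should return status REFUSED for the foreign name while `dig @<server> www.example.com` still answers.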