Is this a DNS security hole?

Ivan Yonge yongenospanivan235 at hotmail.com
Fri Apr 30 17:59:23 UTC 2004


First of all, I am not an expert in DNS... that's why I am here to ask for
help. Don't laugh at me if I am wrong.

I have tested this with my domain, and this seems like a security hole to me. My
domain is registered with Register.com.

1. Go to Register.com, log in to my account (say "mycompany.com", doesn't
matter)
2. Add a new DNS entry
3. They will ask for HOST NAME and IP ADDRESS (they used to ask for HOST name
only, not IP).
4. Type host="testing.victim.com" (the host of the victim)
5. Type ip = "24.102.80.12" (the IP address I want to point to, I just made
it up)
6. Submit
7. After 24 hours, all the world's DNS servers will resolve
testing.victim.com as 24.102.80.12. If you PING testing.victim.com from any
server in the world, say network-tools.com, it gives you 24.102.80.12

This is not good: now "testing.victim.com" is tied to the IP address, and it
doesn't even try to resolve it from "victim.com"'s DNS server... Why is
this happening? I have used http://network-tools.com/nslook/Default.asp
to verify my result.

If this is true, anyone can hijack other people's domain name using DNS and
point to his IP address? This is scary.

Help..






