DNS spoofing
Gregory Hicks
ghicks at hicks-net.net
Fri Jan 16 20:02:22 UTC 2009
> Date: Fri, 16 Jan 2009 10:47:27 -0800
> Subject: Re: DNS spoofing
> From: Josh Kuo <josh.kuo at gmail.com>
> To: Ben Croswell <ben.croswell at gmail.com>
> Cc: bind-users at lists.isc.org
>
> Oops, I missed that part. Sorry, yes, as Ben pointed out, my proposed
> solution will take over *ALL* records in somedomain.com, anything you
> don't list in your somedomain.com will NOT be resolved.
BUT!... If the NAME of the zone to be spoofed is
zone "HOST.spoofed.zone" IN {
    type master;
    file "db.HOST.spoofed.zone";
    allow-update...
};
And "db.HOST.spoofed.zone" contains: (Of course, you can put anything
in here that fits your installation...)
$TTL 300                ; default TTL (same value as the SOA minimum)
@   IN  SOA metis.example.net. root.metis.example.net. (
            20041217    ; serial number
            300         ; refresh
            600         ; retry
            6300        ; expire
            300 )       ; minimum TTL
;
; Zone NS records
;
@   IN  NS  metis.example.net.
;
; Zone records
;
@   IN  A   127.0.0.1
Then the ONLY host to be resolved will be $HOST. Anything else falls
through to the original zone.
This solution only takes over ONE (1) host record in the zone.
Regards,
Gregory Hicks
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
| Direct: 408.569.7928
People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell
The price of freedom is eternal vigilance. -- Thomas Jefferson
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
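Added example (not part of the post, and not BIND code): a small Python model of the zone-selection rule the override above relies on, namely that a resolver answers from the most specific (longest-suffix) zone it holds and recurses for everything else. The zone names are the post's placeholders, the addresses are constructed, and the model also shows the caveat that names beneath HOST.spoofed.zone are claimed by the override zone and return NXDOMAIN instead of falling through.

```python
"""Model of closest-enclosing-zone selection, as used by the single-host
override zone in the post.  Constructed illustration, not BIND's code."""

# Constructed table of zones this resolver is authoritative for.  Only the
# override zone for one host is loaded; the real spoofed.zone is not local,
# so other names in it are reached by ordinary recursion.
AUTHORITATIVE_ZONES = {
    "host.spoofed.zone": {"": "127.0.0.1"},   # the "@ IN A 127.0.0.1" record
    "example.net": {"metis": "192.0.2.53"},   # constructed, for the NS host
}


def _labels(name):
    """Split a DNS name into lower-case labels, leftmost label first."""
    return [lab for lab in name.lower().rstrip(".").split(".") if lab]


def closest_zone(qname, zones=AUTHORITATIVE_ZONES):
    """Return the longest local zone that equals qname or is a parent of it,
    or None when no local zone covers the name (it is then recursed)."""
    q = _labels(qname)
    best = None
    for zone in zones:
        z = _labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(_labels(best)):
                best = zone
    return best


def resolve(qname, zones=AUTHORITATIVE_ZONES):
    """Answer from a local zone when one covers qname; otherwise report that
    the query falls through to normal recursion.  A name under the override
    zone that the zone file does not define gets NXDOMAIN, not recursion."""
    zone = closest_zone(qname, zones)
    if zone is None:
        return ("recurse", None)
    q = _labels(qname)
    owner = ".".join(q[: len(q) - len(_labels(zone))])  # "" is the apex (@)
    data = zones[zone]
    if owner in data:
        return ("local", data[owner])
    return ("nxdomain", None)
```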