DNS spoof protection, please explain

McNutt, Justin M. McNuttJ at missouri.edu
Sat Nov 17 19:46:55 UTC 2001


It keeps people from hijacking each other's name spaces.

Example:  I own 128.206.*.*.  I set up a reverse record for 128.206.1.1 in
my name server and call it "www.ptd.net".

Then I telnet to someplace.  That place looks up 128.206.1.1, which comes to
my name server, because I own the inverse name space.  My server says,
"That's www.ptd.net."  However, when the telnet server looks up www.ptd.net,
it goes to the ptd.net name server, who says that www.ptd.net is NOT
128.206.1.1.  Www.ptd.net may not even exist.  Therefore my connection
fails, because I tried to hijack the ptd.net name space.

That's *one* reason those checks are there.

--J

> -----Original Message-----
> From: William Earnest [mailto:wde3 at ptd.net]
> Sent: Saturday, November 17, 2001 11:51 AM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: DNS spoof protection, please explain
> 
> 
> 
> Hello all,
> 
>      With a new ISP, I am unable to connect to some servers because they
> use my IP addr. to get a name, then look up the name to verify the
> address comes back.  This is failing, the name returned doesn't have any
> resolution.  As I have to convince tech support the problem is real, I
> could use a clear explanation of what the check is supposed to protect
> from.  I have checked "DNS and BIND" as well as a couple of security
> books, but have come up empty-handed. Thanks much for any education you
> can offer.
> -- 
>      Bill Earnest  wde3 at ptd-dot-net  Linux Powered   Allentown, PA, USA
> Computers, like air conditioners, work poorly with Windows open.
> 
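
The check discussed in this thread (reverse lookup of the client address, then a forward lookup of the returned name that must yield the same address), written out as an added example; it is not code from either poster or from BIND. The function names, the example.net hosts, the 192.0.2.x and 198.51.100.x addresses and the table contents are constructed for illustration, and addresses are compared as plain strings.

```python
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """Forward lookup via the system resolver; returns a set of addresses."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, ptr=system_ptr, addrs=system_addrs):
    """Return (verdict, name): trust a PTR name only if it maps back to ip."""
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in addrs(name):
            return ("ok", name.rstrip(".").lower())
    # The owner of the name's zone does not vouch for this address.
    return ("mismatch", names[0])

# Constructed sample data (not real DNS contents). REVERSE stands for what the
# address owner publishes; FORWARD for what the owners of the names publish.
REVERSE = {
    "128.206.1.1": ["www.ptd.net"],        # reverse owner claims a foreign name
    "192.0.2.10": ["host10.example.net"],  # forward and reverse agree
    "192.0.2.77": ["dyn-77.example.net"],  # PTR name has no address record
}
FORWARD = {
    "www.ptd.net": {"198.51.100.5"},       # constructed address, not 128.206.1.1
    "host10.example.net": {"192.0.2.10"},
}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_client(ip, ptr=lambda i: REVERSE.get(i, []),
                        addrs=lambda n: FORWARD.get(n, set()))

if __name__ == "__main__":
    for ip in ("128.206.1.1", "192.0.2.10", "192.0.2.77", "203.0.113.9"):
        print(ip, demo(ip))
```

The 192.0.2.77 row is the situation in the original question: the reverse record exists, but the name it returns has no forward resolution, so the check fails even though nobody is spoofing anything.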

