A RR && DNS spoofing
Mark_Andrews at isc.org
Mon May 27 01:01:11 UTC 2002
> Hi!
>
> I have some questions.
> (1) Can I use such records in my zone file?
> IN MX 0 mail.domain.lv.
> mail IN A 1.2.3.4
> pop IN A 1.2.3.4
> www IN A 1.2.3.4
> I mean that many hosts point to the one IP address?
Yes.
> Is it correct and rfc compatible?
Yes.
> Or better use CNAMEs for pop & www?
Your choice.
> reverse zone will point to mail.domain.lv
Fine. You have chosen one. I would also use that name as
the hostname on the machine.
> (2) I read Men & Mice articles about DNS spoofing!
> I'm wondering is BIND 9.2.x vulnerable to such attacks?
All caching DNS servers are vulnerable to such attacks
unless the responses are authenticated via cryptographic
methods (DNSSEC/TSIG/IPSEC).
> Is it better to set up two internal NS (one for domain.lv serving
> and other for recursive internal clients)?
Slightly, but again this is your choice.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
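
A consistency check for the layout discussed in part (1): several names sharing one address, with a single PTR pointing back at one of them. This is an added example, not part of the original message; the 3.2.1.in-addr.arpa origin, the function names and the minimal parser (class IN, no TTL field) are assumptions.

```python
import ipaddress
from collections import defaultdict
# Constructed sample data: the forward records from the question and the PTR it describes.
FORWARD = ("domain.lv.", """\
        IN MX 0 mail.domain.lv.
mail    IN A 1.2.3.4
pop     IN A 1.2.3.4
www     IN A 1.2.3.4
""")
REVERSE = ("3.2.1.in-addr.arpa.", "4 IN PTR mail.domain.lv.\n")

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, names without a final dot are relative."""
    name = origin if name == "@" else name
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone):
    """Yield (owner, type, rdata) per record. Assumes class IN and no per-record TTL."""
    origin, text = zone
    owner = origin
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if not line[0].isspace():                # a blank owner field inherits the previous owner
            owner = fqdn(fields.pop(0), origin)
        if fields[0].upper() == "IN":
            fields.pop(0)
        yield owner, fields[0].upper(), fields[1:]

def check_reverse(forward, reverse):
    """Map each A-record address to (status, forward names, PTR targets)."""
    names = defaultdict(set)
    for owner, rtype, rdata in parse(forward):
        if rtype == "A":
            names[ipaddress.ip_address(rdata[0])].add(owner)
    ptrs = defaultdict(list)
    for owner, rtype, rdata in parse(reverse):
        if rtype == "PTR":                       # a target without a final dot is relative to the reverse zone
            ptrs[owner].append(fqdn(rdata[0], reverse[0]))
    report = {}
    for ip, owners in names.items():
        targets = ptrs.get(ip.reverse_pointer + ".", [])
        if len(targets) != 1:
            status = "multiple-ptr" if targets else "no-ptr"
        else:
            status = "ok" if targets[0] in owners else "mismatch"
        report[str(ip)] = (status, sorted(owners), targets)
    return report
```

A PTR target written without the trailing dot is expanded inside the reverse zone, so the check reports it as a mismatch.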