Is this a DNS security hole?

Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Sun May 2 12:01:04 UTC 2004


JH> I can think of [this] possibilit[y]:
JH> - register.com makes the entries in the gtld servers 

... which, of course, it does.  It's a "com." registrar.  That's what it
does.  It's a middleman between 2LD registrants and the "com." registry (which
drives what the "com." content DNS servers publish).

<URL:http://www.verisign.net./nds/naming/faq.html#2>

JH> (root servers for .com tld)

Don't abuse the term "root".  A TLD server is _not_ a "root" server.

JH> is victim.com registered through register.com too? If not, it's 
JH> a *very* serious problem, since any .com registrar could add
JH> arbitrary DNS records to arbitrary domains.

Any "com." registrar can add arbitrary resource records anyway (where
"arbitrary" means "'A' or 'NS'").  The registry only has the registrar's word
that there's even a registrant involved, after all.  (The RRP does impose the
restriction that "HOST" and "DOMAIN" records must be registered via the same
registrar.)

JH> When it is registered through register.com, it's only their
JH> security bug.

It's not a Register.COM problem at all, really.
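The point above is that the NS records and glue A records the "com." servers publish for a delegation come from a registrar's submission, not from the domain's own servers, so the two views can legitimately disagree. The following check, added here as an illustration and not part of the original post or thread, compares the delegation a parent (TLD) zone publishes with what the child's authoritative servers answer: extra or missing NS names, and in-bailiwick glue A records that differ from the authoritative A records. The domain name, the registry data and the addresses are constructed (RFC 5737 documentation ranges) so the check runs offline; a real run would fill the two lists from queries to a gTLD server and to the child's name servers.

```python
"""Parent-vs-child delegation consistency check (added example, constructed data)."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class RR:
    """Minimal resource record: owner name, type ("NS" or "A" here) and rdata."""
    name: str
    rtype: str
    rdata: str


def fqdn(name: str) -> str:
    """Canonical form for comparisons: lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."


def rrset(rrs: Iterable[RR], name: str, rtype: str) -> set:
    """Canonicalized rdata values of the records with this owner name and type."""
    want = fqdn(name)
    out = set()
    for r in rrs:
        if fqdn(r.name) == want and r.rtype.upper() == rtype:
            out.add(fqdn(r.rdata) if rtype == "NS" else r.rdata)
    return out


def in_bailiwick(host: str, domain: str) -> bool:
    """True if host is the domain itself or lies below it (glue is needed then)."""
    h, d = fqdn(host), fqdn(domain)
    return h == d or h.endswith("." + d)


def compare_delegation(parent: Iterable[RR], child: Iterable[RR], domain: str) -> dict:
    """Compare the delegation published by the parent zone with the child's own data.

    Returns the NS names present only in the parent, the NS names present only
    in the child, and, for every in-bailiwick name server, glue A records in the
    parent that differ from the authoritative A records in the child.
    """
    parent_ns = rrset(parent, domain, "NS")
    child_ns = rrset(child, domain, "NS")
    report = {
        "extra_in_parent": parent_ns - child_ns,
        "missing_in_parent": child_ns - parent_ns,
        "glue_mismatch": {},
    }
    for host in parent_ns:
        if not in_bailiwick(host, domain):
            continue  # out-of-bailiwick hosts carry no glue in this zone
        glue = rrset(parent, host, "A")
        auth = rrset(child, host, "A")
        if glue != auth:
            report["glue_mismatch"][host] = (glue, auth)
    return report


DOMAIN = "victim.com"  # hypothetical domain, as in the thread

# Constructed: what the "com." servers publish for the delegation (NS + glue).
PARENT = [
    RR("victim.com.", "NS", "ns1.victim.com."),
    RR("victim.com.", "NS", "ns2.victim.com."),
    RR("victim.com.", "NS", "ns3.victim.com."),  # not in the child's NS set
    RR("ns1.victim.com.", "A", "192.0.2.1"),
    RR("ns2.victim.com.", "A", "192.0.2.22"),    # glue disagrees with the child
    RR("ns3.victim.com.", "A", "198.51.100.7"),
]

# Constructed: what victim.com's own authoritative servers answer.
CHILD = [
    RR("victim.com.", "NS", "ns1.victim.com."),
    RR("victim.com.", "NS", "ns2.victim.com."),
    RR("ns1.victim.com.", "A", "192.0.2.1"),
    RR("ns2.victim.com.", "A", "192.0.2.2"),
]


def check_victim() -> dict:
    """Run the comparison on the constructed data above."""
    return compare_delegation(PARENT, CHILD, DOMAIN)


if __name__ == "__main__":
    for key, value in check_victim().items():
        print(f"{key}: {value}")
```

The check deliberately treats the parent's data as untrusted input to be verified against the child, which is the direction of trust the post describes: the registry publishes whatever a registrar submitted, so the domain holder is the one who has to notice a stray NS or a wrong glue address.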


More information about the bind-users mailing list