pharming.. dns cache insertion...

Brad Knowles brad at stop.mail-abuse.org
Sun Apr 10 19:14:04 UTC 2005


At 2:45 PM -0700 2005-04-09, bruce wrote:

>  if i am, then in theory, it appears to me that one could essentially build a
>  reasonably accurate list of valid IP Addresses for a given URL... in order
>  to maintain the accuracy, one would have to continually 'build/maintain' the
>  list, but it seems that it could be done.. am i missing something?

	No, it couldn't be done, because you can't generate the same 
queries from all possible different locations in the Internet.  Since 
the answers you get could be different for any given query source, 
you have to query from all possible sources.  Of course, then you'd 
have to start all over again, because the load-balancing answers for 
a given query source might have changed.

>  also, if i get an IP Address for a given URL, how do you determine if it's
>  really valid?

	Depends on what you mean by "really valid".  Without DNSSEC and 
strong cryptographic signatures on DNS data, the best possible answer 
you can get will still be pretty weak.

>                 would you have to go back to the authoritative DNS to see if
>  the IP is valid.

	That's assuming that there isn't someone sitting between you and 
them, watching all your queries and generating whatever answers they 
want you to see.  That's assuming that your own cache isn't 
poisoned/polluted with respect to the IP addresses of the 
authoritative nameservers.  That's assuming that the authoritative 
nameservers are correctly configured and handing out correct data.

	That's assuming a lot of things.

>                    is there a list somewhere for a URL of the valid IP
>  Addresses for that URL?

	In the context of DNS, URLs don't exist.  There are domain names, 
and host names, and various different types of records associated 
with host and domain names, but there are no "URLs".

	URLs are something that is constructed based on a host or domain 
name, with some additional information added (such as what protocol 
or port would be used to connect to the service, etc...).

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
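The thread above turns on one practical check: the only signal a client has that an address came through a DNSSEC-validating path is the AD bit in the response header, and the answer addresses themselves prove nothing. The following is an added example, not code from Brad's post or from BIND; it builds a couple of constructed DNS responses in wire format (labelled as such, not captured traffic) and parses them back, reporting the AA and AD flags and the A records, so the difference between "an answer" and "a validated answer" is visible on the wire. Names and addresses are illustrative (example.com, 192.0.2.x).

```python
"""Minimal DNS wire-format reader: extracts header flags (AA, AD, RCODE) and
A-record answers from a response so a client can see whether the resolver
asserts DNSSEC validation (AD bit, RFC 4035).  Added example; the packets
built by build_a_response() are constructed test data, not captured traffic."""
import struct


def _encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(qname, addresses, ttl=300, txid=0x1234, aa=False, ad=False):
    """Construct a DNS response with one A RR per address (constructed data).
    Flags: QR=1, RD=1, RA=1, plus AA/AD as requested.  Each answer owner name is
    a compression pointer (0xC00C) back to the question name at offset 12."""
    flags = 0x8180                      # QR, RD, RA
    if aa:
        flags |= 0x0400                 # authoritative answer
    if ad:
        flags |= 0x0020                 # authenticated data (resolver validated)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addresses), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)   # type A, class IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(o) for o in addr.split("."))
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answers


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:       # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            hops += 1
            if hops > 32:               # refuse malicious pointer loops
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Parse header, question section and A records of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        name, offset = _read_name(data, offset)
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:   # A record
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {
        "txid": txid,
        "rcode": flags & 0x000F,
        "aa": bool(flags & 0x0400),
        "ad": bool(flags & 0x0020),
        "questions": questions,
        "answers": answers,
    }


def validated_addresses(data):
    """Return the sorted A-record addresses only when rcode is 0 and the AD bit
    is set; otherwise None, because the addresses alone cannot be trusted."""
    r = parse_response(data)
    if r["rcode"] != 0 or not r["ad"]:
        return None
    return sorted(addr for _name, addr, _ttl in r["answers"])


if __name__ == "__main__":
    # Two constructed answers for the same name: different addresses, one with AD.
    plain = build_a_response("www.example.com", ["192.0.2.10"])
    signed = build_a_response("www.example.com", ["192.0.2.10", "192.0.2.11"], ad=True)
    for pkt in (plain, signed):
        r = parse_response(pkt)
        print(r["answers"], "AA" if r["aa"] else "", "AD" if r["ad"] else "",
              "->", validated_addresses(pkt))
```

Note the caveat Brad's reply already makes: the AD bit is set by the validating resolver, so it is only worth anything if the path between you and that resolver is itself trusted (a local validator, or a resolver reached over an authenticated channel). Over plain UDP from a remote resolver, the same party who could substitute the addresses could set the bit.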
