SRV records and cache poisoning
Stefan Puiu
stefan.puiu at gmail.com
Tue Jun 7 06:05:07 UTC 2005
Hello,=20
This is more of a resolver/DNS question than a BIND one, but I thought
I'd ask it here since there are people on this list that also worked
on the libbind resolver library.
I'm writing this C++ module that does some DNS queries, SRV being one
of them. Now, say that the following scenario happens:
Some malicious user makes me do an SRV query for, say,
_ldap._tcp.domain.com. There he has a setup like this:
;; in the 'domain.com.' zone
_ldap._tcp 3600 IN SRV 10 1 389 www.microsoft.com
and a www.microsoft.com. zone with a bogus IP address:=20
;; www.microsoft.com zone
@
So, when I'd query domain.com.'s nameserver, I'd get an A record
More information about the bind-users
mailing list