testing vulnerability against secondary NS

Kevin Darcy kcd at chrysler.com
Tue Aug 12 04:51:02 UTC 2008


Chris Henderson wrote:
> I am testing the recent DNS vulnerability against my secondary name server
> from my local machine
> ("dig @<ip_of_nameserver> +short porttest.dns-oarc.net TXT" and also
> "nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net.")
>
> But strangely it is giving me the result of my primary name server! Every time
> I try to query, it gives me back my primary name server's result. I also tried
> doxpara.com and https://www.dns-oarc.net/oarc/services/dnsentropy
>
> My local machine's /etc/resolv.conf has only one nameserver entry - my
> secondary name server.
>
> Also, if I try to resolve a hostname I can query my secondary name server and
> get the answer back. So I know my secondary name server is working.
>
> Does anyone know how can I test the vuln. against my secondary name server?
>
Well, what's the config of your so-called "secondary nameserver"?

Does it just forward to the "primary"?

If so, then that's where the queries will be seen to originate, by the 
vulnerability-testing tools.

Another possibility is that you have a NAPT device multiplexing both 
your "primary" and "secondary" nameservers into a single address. Since it 
would need to use different port numbers to accomplish this, the exact 
implementation/configuration details of the NAPT would have an effect on 
whether you get a "good" or "ok" result from the vulnerability-testing 
tools.

                  - Kevin
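As an added example (not part of this thread and not the DNS-OARC tool), the Python script below performs the same kind of check porttest.dns-oarc.net does, but from the authoritative side: it groups outbound queries by the address they actually arrive from (a secondary that forwards shows up under the forwarder's address, which is exactly what the original poster saw) and rates the spread of source ports and transaction IDs per address. The log lines, the 5000 spread threshold and the GOOD/POOR labels are constructed assumptions; the second resolver models a NAPT that rewrites source ports sequentially and so flattens whatever randomisation the resolver behind it applied.

```python
from collections import defaultdict
import statistics

# Constructed sample of outbound queries as the authoritative side sees them:
# "<source_ip> <source_port> <transaction_id>", six queries per source.
# 192.0.2.10 randomises ports itself; 198.51.100.7 sits behind a NAPT that
# hands out consecutive ports, so its port spread collapses.
SAMPLE = """\
192.0.2.10 40217 4711
192.0.2.10 61900 58213
192.0.2.10 2305 19876
192.0.2.10 55121 40021
192.0.2.10 33876 7
192.0.2.10 17543 65010
198.51.100.7 1025 30123
198.51.100.7 1026 12345
198.51.100.7 1027 51002
198.51.100.7 1028 3321
198.51.100.7 1029 44780
198.51.100.7 1030 9001
"""

def parse(text):
    """Group (port, txid) observations by the source address they came from."""
    seen = defaultdict(list)
    for line in text.splitlines():
        ip, port, txid = line.split()
        seen[ip].append((int(port), int(txid)))
    return seen

def rate(values, floor):
    """Constructed rating: population standard deviation of the observed values
    must reach `floor` to count as GOOD; a fixed value is always POOR."""
    if len(set(values)) == 1:
        return "POOR"
    return "GOOD" if statistics.pstdev(values) >= floor else "POOR"

def score(text, floor=5000):
    """Return {source_ip: (port_rating, txid_rating)} for every address seen."""
    result = {}
    for ip, obs in parse(text).items():
        ports = [p for p, _ in obs]
        txids = [t for _, t in obs]
        result[ip] = (rate(ports, floor), rate(txids, floor))
    return result

if __name__ == "__main__":
    for ip, (ports, txids) in score(SAMPLE).items():
        print(f"{ip}: source port {ports}, transaction ID {txids}")
```

If the address you expected (the secondary's) never appears in the output at all, the secondary is not originating the queries itself, which is the forwarding case described above.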

More information about the bind-users mailing list