Is this a DNS security hole?
William Stacey [MVP]
staceywREMOVE at mvps.org
Mon May 3 14:31:29 UTC 2004
I would notify Register.com of this. They should not be putting this glue
record in without checking with the victim.com domain owner.
--
William Stacey, MVP
"Ivan Yonge" <yongenospanivan235 at hotmail.com> wrote in message
news:%twkc.320456$2oI1.77055 at twister01.bloor.is.net.cable.rogers.com...
> First of all, I am not an expert in DNS... that's why I am here to ask for
> help. Don't laugh at me if I am wrong.
>
> I have tested this with my domain, this seems like a security hole to me.
> My domain is registered with Register.com
>
> 1. Go to Register.com, login to my account (say "mycompany.com", doesn't
> matter)
> 2. Add a new DNS entry
> 3. They will ask for HOST NAME and IP ADDRESS (they used to ask HOST name
> only, not IP).
> 4. type host="testing.victim.com" (the host of the victim)
> 5. type ip = "24.102.80.12" (the IP address I want to point to, I just make
> it up)
> 6. submit
> 7. After 24 hours, all the world's DNS servers will resolve
> testing.victim.com as 24.102.80.12. If you PING testing.victim.com from any
> server in the world, say network-tools.com, it gives you 24.102.80.12
>
> This is not good, now "testing.victim.com" is tied to the IP address, it
> doesn't even try to resolve it from "victim.com" 's DNS server..... why is
> this happening?? I have used http://network-tools.com/nslook/Default.asp
> to verify my result..
>
> If this is true, anyone can hijack other people's domain name using DNS and
> point to his IP address? This is scary..
>
> Help..
>
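
Added example, not part of the original thread and not Register.com's code: one way a registrar front end could enforce the ownership check the reply calls for, accepting a host (glue) record only when the host name sits at or below a domain held by the submitting account. The function names and the `account_domains` list are hypothetical.

```python
"""Bailiwick check for registrar host (glue) record requests (illustrative)."""
import ipaddress


def normalize(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    labels = name.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or any(not lab or len(lab) > 63 for lab in labels):
        raise ValueError(f"not a valid host name: {name!r}")
    return labels


def owning_domain(host, account_domains):
    """Return the account's domain that `host` is at or below, else None.

    Labels are compared one by one, so "testing.notmycompany.com" is not
    treated as part of "mycompany.com" the way a plain suffix test would.
    """
    host_labels = normalize(host)
    for domain in account_domains:
        dom_labels = normalize(domain)
        if host_labels[-len(dom_labels):] == dom_labels:
            return ".".join(dom_labels)
    return None


def validate_host_record(host, ip, account_domains):
    """Return (accepted, detail) for a request to register host -> ip."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return (False, "invalid IP address")
    try:
        parent = owning_domain(host, account_domains)
    except ValueError as exc:
        return (False, str(exc))
    if parent is None:
        return (False, "host is outside the account's domains")
    return (True, parent)


if __name__ == "__main__":
    # Constructed requests from an account that holds only mycompany.com.
    held = ["mycompany.com"]
    for host in ("ns1.mycompany.com", "testing.victim.com"):
        print(host, validate_host_record(host, "24.102.80.12", held))
```
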
More information about the bind-users mailing list