Hello,

Given this query, the local DNS responds with three sections: ANSWER,
AUTHORITY, ADDITIONAL.

;; ANSWER SECTION:
geocast.net. 735 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
geocast.net. 735 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
geocast.net. 735 IN MX 5 ASPMX.L.GOOGLE.COM.
geocast.net. 735 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
;; AUTHORITY SECTION:
geocast.net. 3435 IN NS ns2.cloudwebdns.COM.
geocast.net. 3435 IN NS ns3.cloudwebdns.COM.
geocast.net. 3435 IN NS ns1.cloudwebdns.COM.
geocast.net. 3435 IN NS ns4.cloudwebdns.COM.
;; ADDITIONAL SECTION:
ns1.cloudwebdns.COM. 2626 IN A 114.112.51.224
ns2.cloudwebdns.COM. 2626 IN A 173.254.229.119
ns3.cloudwebdns.COM. 2626 IN A 174.140.166.81
ns4.cloudwebdns.COM. 2626 IN A 209.141.54.207

If somebody inserts the domains "google.com" and "googlemail.com" into
cloudwebdns.com's zone files and sets up the corresponding records, then
ns*.cloudwebdns.com will respond to the query above with the fake
addresses, like:

;; ANSWER SECTION:
geocast.net. 735 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
geocast.net. 735 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
geocast.net. 735 IN MX 5 ASPMX.L.GOOGLE.COM.
geocast.net. 735 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
;; AUTHORITY SECTION:
geocast.net. 3435 IN NS ns2.cloudwebdns.COM.
geocast.net. 3435 IN NS ns3.cloudwebdns.COM.
geocast.net. 3435 IN NS ns1.cloudwebdns.COM.
geocast.net. 3435 IN NS ns4.cloudwebdns.COM.
;; ADDITIONAL SECTION:
ASPMX.L.GOOGLE.COM. 2626 IN A 1.2.3.4
ALT1.ASPMX.L.GOOGLE.COM. 2626 IN A 5.6.7.8
ALT2.ASPMX.L.GOOGLE.COM. 2626 IN A 1.2.3.4
ASPMX2.GOOGLEMAIL.COM. 2626 IN A 5.6.7.8

As shown above, Google's addresses can be faked.
How will a local DNS server prevent this hijacking of DNS records?
Thanks.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
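
An added example, not part of the original post: resolvers answer this with a bailiwick check, keeping an ADDITIONAL record only when its owner name lies inside the zone the responding servers were delegated (here geocast.net) and resolving every other name through its own delegation chain. RESPONSE reuses records quoted in the post plus one constructed in-zone record (mx.geocast.net, 192.0.2.10); the function names are this example's own.

```python
# Constructed input: records from the post's second response, plus one
# constructed in-zone record (mx.geocast.net) to show what survives the check.
RESPONSE = """\
;; ANSWER SECTION:
geocast.net. 735 IN MX 5 ASPMX.L.GOOGLE.COM.
geocast.net. 735 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
;; AUTHORITY SECTION:
geocast.net. 3435 IN NS ns1.cloudwebdns.COM.
;; ADDITIONAL SECTION:
ASPMX.L.GOOGLE.COM. 2626 IN A 1.2.3.4
ASPMX2.GOOGLEMAIL.COM. 2626 IN A 5.6.7.8
mx.geocast.net. 2626 IN A 192.0.2.10
"""

def parse_sections(text):
    """Parse dig-style output into {section: [(owner, ttl, rtype, rdata), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:].split()[0]          # "ANSWER", "AUTHORITY", ...
            sections[current] = []
        elif line and not line.startswith(";") and current:
            owner, ttl, _cls, rtype, *rdata = line.split()
            sections[current].append((owner, int(ttl), rtype, " ".join(rdata)))
    return sections

def canonical(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it (label-aligned)."""
    owner, zone = canonical(owner), canonical(zone)
    return owner == zone or owner.endswith("." + zone)

def filter_additional(sections, zone):
    """Split ADDITIONAL records into (kept, dropped) by owner-name bailiwick."""
    kept, dropped = [], []
    for rec in sections.get("ADDITIONAL", []):
        (kept if in_bailiwick(rec[0], zone) else dropped).append(rec)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_additional(parse_sections(RESPONSE), "geocast.net.")
    for rec in kept:
        print("cache  ", *rec)
    for rec in dropped:
        print("discard", *rec)
```

The MX targets in the ANSWER section are still usable as names; only the unsolicited addresses for them are dropped, so the resolver looks them up from the servers actually delegated for google.com and googlemail.com.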