[dns-operations] DNS deluge for x.p.ctrc.cc

Paul Vixie paul at vix.com
Mon Feb 27 04:10:44 UTC 2006

# 	The are plently of other methods, beyond direct DNS queries,
# 	that expose nameservers to cache poisoning techniques.
# 	Turning off global recursion won't save you from being cache
# 	poisoned if your nameserver is vulnerable.  The best way to
# 	be protected from cache poisoning is to have up to date
# 	nameservers.

recursive nameservers can be poisoned without using any code bugs.  all you
need to do is own a real domain for a short while (like, from when you start
using it in outbound phish spam, until it gets cancelled by the registrar).
you publish your www.whatever.biz A RRset with an obscenely long TTL, and
use one a rented botnet to slow-scan your list of ~580K open recursive name
servers with queries for that A RRset.  then, even though your domain gets
cancelled, most victims of your phish spam will still be able to look up your
(now dead) A RRset.

the ways in which open recursive name servers are dangerous, are innumerable.

More information about the dns-operations mailing list