[dns-operations] DNS hijack?
bortzmeyer at nic.fr
Tue Nov 20 10:37:01 UTC 2012
On Tue, Nov 20, 2012 at 06:25:48PM +0800,
Feng He <fenghe at nsbeta.info> wrote
a message of 59 lines which said:
> >;; ADDITIONAL SECTION:
> >ASPMX.L.GOOGLE.COM. 2626 IN A 22.214.171.124
> >ALT1.ASPMX.L.GOOGLE.COM. 2626 IN A 126.96.36.199
> >ALT2.ASPMX.L.GOOGLE.COM. 2626 IN A 188.8.131.52
> >ASPMX2.GOOGLEMAIL.COM. 2626 IN A 184.108.40.206
> As shown above, Google's addresses can be faked.
> How will a local DNS server prevent this hijack DNS records?
This data is out-of-bailiwick (and is not glue either) and should be
ignored by a reasonable resolver.
RFC 5452, section 6.
Of course, DNSSEC would prevent this poisoning as well.
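
The in-bailiwick filtering mentioned in the reply above, as an added example that is not part of the original message or taken from any resolver's code. It assumes the resolver knows which zone the queried server was delegated for; the zone name `example.org.`, the function names and the addresses are constructed for illustration, and the GOOGLE.COM owner names are the ones from the quoted response.

```python
# Added example: drop additional-section records outside the queried zone.
# Assumption: the bailiwick is the zone the queried server was delegated for.

def labels(name):
    """Lower-case a domain name and split it into labels (root -> [])."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it.

    Comparison is per label, so 'notexample.org.' is NOT inside
    'example.org.' even though the strings share a suffix.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_additional(records, zone):
    """Split records into (kept, dropped) by owner-name bailiwick."""
    kept, dropped = [], []
    for rr in records:
        (kept if in_bailiwick(rr[0], zone) else dropped).append(rr)
    return kept, dropped

# Constructed sample: a server delegated for example.org. returns an
# additional section mixing one in-zone record with unrelated names.
ZONE = "example.org."
ADDITIONAL = [
    ("mail.example.org.", 3600, "A", "192.0.2.25"),
    ("ASPMX.L.GOOGLE.COM.", 2626, "A", "192.0.2.1"),
    ("ALT1.ASPMX.L.GOOGLE.COM.", 2626, "A", "192.0.2.2"),
    ("notexample.org.", 2626, "A", "192.0.2.3"),
]

if __name__ == "__main__":
    kept, dropped = filter_additional(ADDITIONAL, ZONE)
    for rr in kept:
        print("cache :", *rr)
    for rr in dropped:
        print("ignore:", *rr)
```
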