[dns-operations] DNS hijack?

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Nov 20 10:37:01 UTC 2012

On Tue, Nov 20, 2012 at 06:25:48PM +0800,
 Feng He <fenghe at nsbeta.info> wrote 
 a message of 59 lines which said:

> >ASPMX.L.GOOGLE.COM.    2626    IN      A
> >ALT1.ASPMX.L.GOOGLE.COM.    2626    IN      A
> >ALT2.ASPMX.L.GOOGLE.COM.    2626    IN      A
> >ASPMX2.GOOGLEMAIL.COM.    2626    IN      A
> As shown above, Google's addresses can be faked.
> How will a local DNS server prevent these hijacked DNS records?

This data is out-of-bailiwick (and is not glue either) and should be
ignored by a reasonable resolver.

RFC 5452, section 6.

Of course, DNSSEC would prevent this poisoning as well.
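The bailiwick rule above, as an added worked example that is not part of the original post or of any resolver's code: a response from a server that is authoritative for one zone is scrubbed so that only records whose owner name sits at or below that zone apex survive, with in-bailiwick address records for delegated name servers kept separately as glue. The RR record layout, the scrub() function, the 192.0.2.x addresses and the two sample responses (one modelled on the MX answer quoted above, one on a referral for nsbeta.info from an "info" server) are all constructed for illustration; a real resolver would build the records from a parsed packet and would still apply RFC 2181 trust ranking to what this filter accepts.

```python
"""Bailiwick scrubbing of DNS response records, in the spirit of RFC 5452 section 6.

Added example for this thread, not code from the original post or from any
resolver. The RR layout, scrub() and the sample responses are constructed.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class RR:
    name: str      # owner name, as it appeared in the packet
    rtype: str     # "A", "AAAA", "MX", "NS", ...
    rdata: str     # target name or address, as text
    section: str   # "answer", "authority" or "additional"


def canon(name: str) -> str:
    """Lower-case and strip the trailing dot so names compare reliably; the root is ''."""
    return name.lower().rstrip(".")


def in_bailiwick(name: str, zone: str) -> bool:
    """True when `name` is the zone apex or below it. The root zone ('') contains everything.

    The leading '.' in the suffix test stops 'nsbeta.info' matching zone 'beta.info'.
    """
    name, zone = canon(name), canon(zone)
    return zone == "" or name == zone or name.endswith("." + zone)


def scrub(records: Iterable[RR], zone: str) -> dict:
    """Sort a response from a server authoritative for `zone` into three buckets.

    rejected : owner name outside the zone (e.g. google.com addresses returned by a
               nsbeta.info server). Never cached, never used.
    glue     : additional-section A/AAAA for a name server named in an in-bailiwick
               NS record. Needed to follow the referral, but not authoritative data.
    accepted : everything else that is in-bailiwick. Trust ranking between the
               answer, authority and additional sections (RFC 2181) is a separate step.
    """
    records = list(records)
    # NS targets of in-bailiwick delegations: the only names whose addresses count as glue.
    glue_names = {
        canon(r.rdata)
        for r in records
        if r.section == "authority" and r.rtype == "NS" and in_bailiwick(r.name, zone)
    }
    out = {"accepted": [], "glue": [], "rejected": []}
    for r in records:
        if not in_bailiwick(r.name, zone):
            out["rejected"].append(r)
        elif r.section == "additional" and r.rtype in ("A", "AAAA") and canon(r.name) in glue_names:
            out["glue"].append(r)
        else:
            out["accepted"].append(r)
    return out


# Constructed sample 1: an MX answer for nsbeta.info whose additional section carries
# addresses for Google's MX hosts. Whether those A records are forged or merely
# misconfigured does not matter; they are out-of-bailiwick and must be dropped.
MX_RESPONSE = [
    RR("nsbeta.info.", "MX", "10 aspmx.l.google.com.", "answer"),
    RR("nsbeta.info.", "MX", "20 alt1.aspmx.l.google.com.", "answer"),
    RR("ASPMX.L.GOOGLE.COM.", "A", "192.0.2.1", "additional"),
    RR("ALT1.ASPMX.L.GOOGLE.COM.", "A", "192.0.2.2", "additional"),
]

# Constructed sample 2: a referral for nsbeta.info from a server for the "info" zone.
# ns1.nsbeta.info's address is legitimate glue; ns2.example.net's is not, even though
# it is an NS target, because example.net is outside the "info" bailiwick.
REFERRAL = [
    RR("nsbeta.info.", "NS", "ns1.nsbeta.info.", "authority"),
    RR("nsbeta.info.", "NS", "ns2.example.net.", "authority"),
    RR("ns1.nsbeta.info.", "A", "192.0.2.53", "additional"),
    RR("ns2.example.net.", "A", "192.0.2.54", "additional"),
]


if __name__ == "__main__":
    for label, resp, zone in (("MX answer", MX_RESPONSE, "nsbeta.info"), ("referral", REFERRAL, "info")):
        result = scrub(resp, zone)
        print(f"--- {label}, bailiwick {zone!r}")
        for bucket, rrs in result.items():
            for r in rrs:
                print(f"{bucket:9} {r.section:10} {r.name} {r.rtype} {r.rdata}")
```

Running the block prints both MX records as accepted and both Google A records as rejected for the first response; for the referral, only ns1.nsbeta.info's address is kept, as glue. A resolver that does this still learns the Google MX hostnames from the answer and resolves them by querying Google's own name servers, which is exactly why the poisoned addresses never take effect.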
