[dns-operations] DNS hijack?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Nov 20 10:37:01 UTC 2012
On Tue, Nov 20, 2012 at 06:25:48PM +0800,
Feng He <fenghe at nsbeta.info> wrote
a message of 59 lines which said:
> >;; ADDITIONAL SECTION:
> >ASPMX.L.GOOGLE.COM. 2626 IN A 1.2.3.4
> >ALT1.ASPMX.L.GOOGLE.COM. 2626 IN A 5.6.7.8
> >ALT2.ASPMX.L.GOOGLE.COM. 2626 IN A 1.2.3.4
> >ASPMX2.GOOGLEMAIL.COM. 2626 IN A 5.6.7.8
>
> As shown above google's addresses can be faked.
> How will a local DNS server prevent this hijacking of DNS records?
This data is out-of-bailiwick (and is not glue either) and should be
ignored by a reasonable resolver.
RFC 5452, section 6.
Of course, DNSSEC would prevent this poisoning as well.
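What the reply calls a bailiwick check, written out as an added example (this is not code from the thread or from any resolver): a resolver that asked the servers for one zone must only accept additional-section records whose owner names lie within that zone. The sample response below is constructed for the example; it assumes the resolver queried the example.com authoritative server and reuses the Google MX names and addresses quoted above to show which records get dropped and which (in-zone address and glue records) survive.

```python
# Added example: RFC 5452 section 6 style bailiwick filtering of the
# additional section. Not part of the original post.
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def canon(name: str) -> str:
    """Lower-case a DNS name and make it fully qualified (trailing dot)."""
    return name.rstrip(".").lower() + "."


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies below it in the tree."""
    n, z = canon(name), canon(zone)
    if z == ".":            # the root zone contains everything
        return True
    return n == z or n.endswith("." + z)


def sanitize_additional(zone: str, additional: list[RR]) -> tuple[list[RR], list[RR]]:
    """Split additional-section records into (kept, dropped).

    `zone` is the zone the queried server is authoritative for. Records
    owned by names outside it (whether they look like glue or not) carry no
    authority and must be discarded rather than cached; the resolver then
    resolves those names itself, via the servers that are authoritative
    for them.
    """
    kept, dropped = [], []
    for rr in additional:
        (kept if in_bailiwick(rr.name, zone) else dropped).append(rr)
    return kept, dropped


# Constructed sample (not a capture): answer to "example.com. MX" from the
# example.com servers. The Google names/addresses mirror the quoted post.
SAMPLE_ZONE = "example.com."
SAMPLE_ANSWER = [
    RR("example.com.", 3600, "MX", "10 mail.example.com."),
    RR("example.com.", 3600, "MX", "20 ASPMX.L.GOOGLE.COM."),
]
SAMPLE_ADDITIONAL = [
    RR("mail.example.com.", 3600, "A", "192.0.2.25"),       # in bailiwick: keep
    RR("ASPMX.L.GOOGLE.COM.", 2626, "A", "1.2.3.4"),         # out of bailiwick: drop
    RR("ALT1.ASPMX.L.GOOGLE.COM.", 2626, "A", "5.6.7.8"),    # out of bailiwick: drop
    RR("ns1.sub.example.com.", 3600, "A", "192.0.2.53"),     # in-zone glue: keep
]


def demo() -> tuple[list[str], list[str]]:
    """Run the filter over the sample and return the kept/dropped owner names."""
    kept, dropped = sanitize_additional(SAMPLE_ZONE, SAMPLE_ADDITIONAL)
    return [rr.name for rr in kept], [rr.name for rr in dropped]


if __name__ == "__main__":
    kept_names, dropped_names = demo()
    print("kept:   ", kept_names)
    print("dropped:", dropped_names)
```

The dropped records are exactly the ones the original poster worried about: a server for example.com can say that its MX is ASPMX.L.GOOGLE.COM, but it cannot be believed about that host's address. Without this check the forged A records would be cached and used for mail delivery; with it, the resolver asks the google.com servers instead (and, as the reply notes, a DNSSEC-validating resolver would additionally reject the unsigned forgery outright).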