[dns-operations] DNS hijack?
m3047 at m3047.net
Tue Nov 20 19:05:36 UTC 2012
Ah, the good old bad old days. :-)
On Tue, 20 Nov 2012, Feng He wrote:
> > ;; ANSWER SECTION:
> > geocast.net. 735 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
> > geocast.net. 735 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
> > geocast.net. 735 IN MX 5 ASPMX.L.GOOGLE.COM.
> > geocast.net. 735 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
> > ;; ADDITIONAL SECTION:
> > ASPMX.L.GOOGLE.COM. 2626 IN A 184.108.40.206
> > ALT1.ASPMX.L.GOOGLE.COM. 2626 IN A 220.127.116.11
> > ALT2.ASPMX.L.GOOGLE.COM. 2626 IN A 18.104.22.168
> > ASPMX2.GOOGLEMAIL.COM. 2626 IN A 22.214.171.124
> As shown above google's addresses can be faked.
> How will a local DNS server prevent this hijack DNS records?
I believe that appropriately paranoid (you're not paranoid if they really
are out to get you) nameserver implementations these days won't use what's
in the additional section here because it's out of bailiwick.
Are you using some specific resolver which does?
More information about the dns-operations