[dns-operations] DNS hijack?

Fred Morris m3047 at m3047.net
Tue Nov 20 19:05:36 UTC 2012


Ah, the good old bad old days. :-)

On Tue, 20 Nov 2012, Feng He wrote:
> > ;; ANSWER SECTION:
> > geocast.net.            735     IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.
> > geocast.net.            735     IN      MX      20 ASPMX2.GOOGLEMAIL.COM.
> > geocast.net.            735     IN      MX      5 ASPMX.L.GOOGLE.COM.
> > geocast.net.            735     IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.
> >
> > ;; ADDITIONAL SECTION:
> > ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4
> > ALT1.ASPMX.L.GOOGLE.COM.    2626    IN      A       5.6.7.8
> > ALT2.ASPMX.L.GOOGLE.COM.    2626    IN      A       1.2.3.4
> > ASPMX2.GOOGLEMAIL.COM.    2626    IN      A       5.6.7.8
>
> As shown above, Google's addresses can be faked.
> How will a local DNS server prevent this hijack of DNS records?

I believe that appropriately paranoid (you're not paranoid if they really
are out to get you) nameserver implementations these days won't use what's
in the additional section here because it's out of bailiwick.

Are you using some specific resolver which does?

--

Fred Morris
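
The bailiwick check mentioned in the reply above, as an added Python example that is not part of the original post or taken from any resolver's code. It assumes the resolver reached the answering server through the delegation for geocast.net, so that zone is the bailiwick; the function names and the last two sample records are constructed for illustration.

```python
# Added example (not from the thread): bailiwick filter for a response's
# ADDITIONAL section. Assumption: the resolver reached the answering server by
# following the delegation for geocast.net, so that zone is the bailiwick.

def labels(name):
    """Split a domain name into lower-cased labels, ignoring the trailing dot."""
    return [p for p in name.lower().rstrip(".").split(".") if p]

def in_bailiwick(owner, zone):
    """True when owner is the zone apex or a subdomain of it.

    Compared label by label: a plain string-suffix test would wrongly accept
    'evilgeocast.net' as being inside 'geocast.net'.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def parse_rr(line):
    """Parse one dig-style line: owner, TTL, class, type, rdata."""
    owner, ttl, rrclass, rrtype, rdata = line.split(None, 4)
    return {"owner": owner, "ttl": int(ttl), "class": rrclass,
            "type": rrtype, "rdata": rdata}

def filter_additional(zone, lines):
    """Return (kept, dropped); only in-bailiwick records are eligible for use."""
    kept, dropped = [], []
    for rr in map(parse_rr, lines):
        (kept if in_bailiwick(rr["owner"], zone) else dropped).append(rr)
    return kept, dropped

# First four records are those quoted in the thread; the last two are constructed.
ADDITIONAL = [
    "ASPMX.L.GOOGLE.COM.       2626  IN  A  1.2.3.4",
    "ALT1.ASPMX.L.GOOGLE.COM.  2626  IN  A  5.6.7.8",
    "ALT2.ASPMX.L.GOOGLE.COM.  2626  IN  A  1.2.3.4",
    "ASPMX2.GOOGLEMAIL.COM.    2626  IN  A  5.6.7.8",
    "mail.geocast.net.         735   IN  A  192.0.2.25",  # constructed, in bailiwick
    "evilgeocast.net.          735   IN  A  192.0.2.66",  # constructed look-alike
]

if __name__ == "__main__":
    kept, dropped = filter_additional("geocast.net", ADDITIONAL)
    for rr in dropped:
        print("discard (out of bailiwick):", rr["owner"], rr["rdata"])
    for rr in kept:
        print("eligible:", rr["owner"], rr["rdata"])
```

A resolver applying this check still has to look up the MX targets' addresses itself, starting from servers that are authoritative for those names.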


