DNS Cache Pollution

DNS Cache Pollution

Post by JSO » Thu, 01 Nov 2001 13:18:24



Has anyone seen any incidents of DNS Cache Pollution with running a DNS
server on Solaris?

Thanks,

JSO

 
 
 


DNS Cache Pollution

Post by Barry Margoli » Fri, 02 Nov 2001 04:34:59




>Has anyone seen any incidents of DNS Cache Pollution with running a DNS
>server on Solaris?

A nameserver's susceptibility to cache poisoning has virtually nothing to
do with the OS it's running on.  BIND's cache management code is
OS-independent.  It's mostly dependent on the version of BIND you're
running.

BIND 8.x and higher do a good job of protecting themselves from the most
common forms of cache poisoning, such as what has been happening for the
past few days with zfreehost.com.  If you're running BIND 4.x, upgrade.

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
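The "most common forms of cache poisoning" Barry refers to are responses that carry extra records about names the answering server has no business speaking for. BIND 8 started discarding such records with a bailiwick rule. The following is an added example written for this thread, not BIND's code: a simplified Python model of that rule applied to a constructed response (all names and addresses below are documentation values, not real hosts), showing that the out-of-bailiwick record never reaches the cache.

```python
# Added example (not BIND's code): a simplified model of the "bailiwick"
# rule BIND 8 introduced for deciding which records in a response may enter
# the cache. A server answering for zone Z is only trusted for names at or
# below Z; records about other names in its authority/additional sections
# are discarded instead of cached. The response below is constructed to
# resemble the classic poisoning attempt this rule stops.
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str    # owner name, no trailing dot
    rtype: str   # record type, e.g. "A" or "NS"
    rdata: str   # record data
    ttl: int


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` equals `zone` or is a subdomain of it (case-insensitive)."""
    name, zone = name.lower().strip("."), zone.lower().strip(".")
    if zone == "":          # the root bailiwick covers every name
        return True
    return name == zone or name.endswith("." + zone)


def filter_response(qname, zone, answer, authority, additional):
    """Split a response into records that may be cached and records rejected.

    `zone` is the zone the responding server was queried as authoritative
    for. Answer records must be about the name actually asked; authority and
    additional records must fall inside the server's bailiwick.
    """
    accepted, rejected = [], []
    for rr in answer:
        (accepted if rr.name.lower() == qname.lower() else rejected).append(rr)
    for rr in authority + additional:
        (accepted if in_bailiwick(rr.name, zone) else rejected).append(rr)
    return accepted, rejected


class Cache:
    """Minimal positive cache keyed by (name, type); TTL expiry not modelled."""

    def __init__(self):
        self.entries = {}

    def insert(self, records):
        for rr in records:
            self.entries[(rr.name.lower(), rr.rtype)] = rr

    def lookup(self, name, rtype):
        rr = self.entries.get((name.lower(), rtype))
        return rr.rdata if rr else None


def poisoning_demo():
    """Constructed response from a server queried for www.example.org
    (authoritative zone example.org) that also carries an A record for an
    unrelated name. Returns the post-filter cache content for both names."""
    cache = Cache()
    # Entry the resolver already holds for the unrelated name (constructed).
    cache.insert([RR("www.example.net", "A", "192.0.2.10", 3600)])

    answer = [RR("www.example.org", "A", "198.51.100.7", 300)]
    authority = [RR("example.org", "NS", "ns1.example.org", 86400)]
    additional = [
        RR("ns1.example.org", "A", "198.51.100.53", 86400),   # legitimate glue
        RR("www.example.net", "A", "203.0.113.66", 86400),    # out of bailiwick
    ]
    accepted, rejected = filter_response("www.example.org", "example.org",
                                         answer, authority, additional)
    cache.insert(accepted)
    return {
        "www.example.org": cache.lookup("www.example.org", "A"),
        "www.example.net": cache.lookup("www.example.net", "A"),
        "rejected": [rr.name for rr in rejected],
    }


if __name__ == "__main__":
    print(poisoning_demo())
```

Note that a BIND 4 style resolver, which trusted every record in a response, would have let the second additional record overwrite the existing www.example.net entry; the version check Barry recommends is what makes the difference, not the operating system.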

 
 
 

DNS Cache Pollution

Post by Mik » Sat, 03 Nov 2001 00:40:28


Found MS article... Q241352... should fix in both nt4 and w2k...
don't know of any side effects.



> >Has anyone seen any incidents of DNS Cache Pollution with running a DNS
> >server on Solaris?

> A nameserver's susceptibility to cache poisoning has virtually nothing to
> do with the OS it's running on.  BIND's cache management code is
> OS-independent.  It's mostly dependent on the version of BIND you're
> running.

> BIND 8.x and higher do a good job of protecting themselves from the most
> common forms of cache poisoning, such as what has been happening for the
> past few days with zfreehost.com.  If you're running BIND 4.x, upgrade.

 
 
 

1. caching dns appears to not cache.

    I'm running an old version of bind, 8.something. I've set it up to do
caching as stated in the DNS HOWTO. The named.conf is as follows:

// Config file for a caching only name server.

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        listen-on { 10.0.0.1; 127.0.0.1; };
        allow-query {
             10.0.0.0/8;
             127.0.0.1;
        };

        // query-source address * port 53;
        forward first;
        forwarders {
           ISP.DNS.ONE.ONE;
           ISP.DNS.ONE.TWO;
        };
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};

However, I see dns requests going to our isp and coming back at all times.
computer 1 pings google.com. named does the resolve dance (which I am
watching with tcpdump) and sends the reply to computer 1.

computer 2 pings google.com. named does the resolve dance and sends the
reply to computer 2.

Shouldn't named just reply to computer 2 with the cached IPs?

joseph
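A way to turn the tcpdump observation above into a measurable check, as an added example that is not part of the original post: the script reads tcpdump-style DNS query lines (the sample lines are constructed, with documentation addresses standing in for the ISP forwarders) and lists the names the resolver forwarded upstream more than once within a window. A caching server that is doing its job should answer the second client from cache and produce no such repeat.

```python
# Added example, not from the original post: checks tcpdump-style DNS query
# lines for names a caching resolver forwarded upstream more than once within
# a window. The sample capture, resolver address and forwarder addresses are
# constructed for the example.
import re
from collections import defaultdict

# tcpdump -n prints a DNS query roughly as:
#   HH:MM:SS.usec IP src.port > dst.port: id+ TYPE? name. (len)
# Responses ("id 1/0/0 A ...") do not match this pattern and are skipped.
LINE_RE = re.compile(
    r"^(?P<hms>\d\d:\d\d:\d\d)\.\d+ IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.53: "
    r"\d+[+%$]* (?P<qtype>[A-Z]+)\? (?P<qname>[^ ]+)\. "
)

# Constructed capture: client 10.0.0.2 asks the resolver 10.0.0.1, which
# forwards to 198.51.100.1; eight seconds later client 10.0.0.3 asks the
# same name and the resolver forwards it again instead of answering from cache.
SAMPLE = """\
14:02:01.110211 IP 10.0.0.2.1025 > 10.0.0.1.53: 4321+ A? google.com. (28)
14:02:01.110502 IP 10.0.0.1.1053 > 198.51.100.1.53: 5001+ A? google.com. (28)
14:02:01.180444 IP 198.51.100.1.53 > 10.0.0.1.1053: 5001 1/0/0 A 192.0.2.10 (44)
14:02:09.220133 IP 10.0.0.3.1025 > 10.0.0.1.53: 4322+ A? google.com. (28)
14:02:09.220407 IP 10.0.0.1.1053 > 198.51.100.1.53: 5002+ A? google.com. (28)
14:02:30.000001 IP 10.0.0.1.1053 > 198.51.100.2.53: 5003+ A? example.org. (29)
""".splitlines()


def parse_line(line):
    """Return a dict for a query line, or None for anything else.
    Timestamps are seconds since midnight (single-day captures only)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = (int(x) for x in m["hms"].split(":"))
    return {"t": h * 3600 + mi * 60 + s, "src": m["src"], "dst": m["dst"],
            "qtype": m["qtype"], "qname": m["qname"].lower()}


def repeated_upstream(lines, resolver_ip, forwarders, window):
    """Return {(qname, qtype): [timestamps]} for queries the resolver sent to
    a forwarder more than once within `window` seconds of each other."""
    seen = defaultdict(list)
    for line in lines:
        q = parse_line(line)
        if q and q["src"] == resolver_ip and q["dst"] in forwarders:
            seen[(q["qname"], q["qtype"])].append(q["t"])
    hits = {}
    for key, ts in seen.items():
        ts.sort()
        if any(b - a <= window for a, b in zip(ts, ts[1:])):
            hits[key] = ts
    return hits


def check_sample():
    """Run the check over the constructed capture with a 60 second window."""
    return repeated_upstream(SAMPLE, "10.0.0.1",
                             {"198.51.100.1", "198.51.100.2"}, 60)


if __name__ == "__main__":
    for (name, qtype), ts in check_sample().items():
        print(f"{name} {qtype}: forwarded {len(ts)} times within window")
```

Run it against a real capture by replacing SAMPLE with the lines of `tcpdump -n port 53`, your resolver's listen address and your forwarders; the window should be shorter than the TTL of the records you are testing with, since a repeat after the TTL has expired is correct behaviour rather than a failure to cache.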
