root servers
Brett L. Hawn
blh at nol.net
Fri Feb 14 02:57:15 UTC 1997
While I am not at liberty at this time to release the documentation in my
hands, as the individual who wrote it would like to try and get a patch
available before releasing his advisory, put simply: he has 'discovered',
documented, and made available his methods, a method to forge DNS
information in a way that would/could cause the errors you are seeing in the
root name servers. The following is an excerpt that I don't think he'll get
pissed about if I release:
Because of the severity of the problem at hand, no source code will be made
available. However, I have set up a service that you can use to test your
DNS servers to see if they are vulnerable. I have set up certain domain names
off the sventech.com domain which, when queried, will send additional
information in the packet to attempt to get BIND to cache. Here is a list of
the domain names and the information they try to cache:

begin.dns.sventech.com
    Will load a domain name of this.is.a.test.domain with an A record of
    1.2.3.4 and an MX record of mail.test.domain with a priority of 10
    for test.domain. It will also give it an NS record that points to
    ns.test.domain which has an IP address of 4.3.2.1

add.dns.sventech.com
    This will add an A record of 3.1.33.7 to this.is.a.test.domain

mx.dns.sventech.com
    This will add an MX record of mail.competitor.domain to test.domain
    with a priority of 5
On Thu, 13 Feb 1997, Matthew Kaufman wrote:
>
>
> for the past few hours, we've been seeing certain root servers
> intermittently claiming that certain names don't exist, and then
> changing their mind a few minutes later.
>
> Anyone else seeing this? Did I miss an announcement of problems?
>
> -matthew kaufman
> matthew at scruz.net
>
[-] Brett L. Hawn (blh @ nol dot net) [-]
[-] Networks On-Line - Houston, Texas [-]
[-] 713-467-7100 [-]
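As an added example (not part of this post, the referenced advisory, or BIND), the bailiwick rule a caching resolver applies to discard exactly the kind of unrelated additional records the test names above send: only records whose owner name sits inside the zone the responding server was reached for are eligible for the cache. The zone name "sventech.com" and the glue address are assumptions for the constructed reply.

```python
"""Bailiwick filtering of DNS authority/additional records.

Constructed data modelled on the test names described in the post; this is
example code, not code from the post or from BIND.
"""
from collections import namedtuple

RR = namedtuple("RR", "name type rdata")


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or a subdomain of it (case-insensitive)."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def filter_response(zone: str, authority: list, additional: list):
    """Split non-answer records into (accepted, rejected).

    `zone` is the zone the resolver believes the responding server is
    authoritative for, i.e. the delegation it followed to reach that server.
    Records owned by names outside that zone are never cached, so a server
    reached for sventech.com cannot plant data for test.domain.
    """
    accepted, rejected = [], []
    for rr in authority + additional:
        (accepted if in_bailiwick(rr.name, zone) else rejected).append(rr)
    return accepted, rejected


# Constructed reply for begin.dns.sventech.com, mirroring the post's description.
AUTHORITY = [RR("test.domain", "NS", "ns.test.domain")]
ADDITIONAL = [
    RR("this.is.a.test.domain", "A", "1.2.3.4"),
    RR("test.domain", "MX", "10 mail.test.domain"),
    RR("ns.test.domain", "A", "4.3.2.1"),
    # Legitimate glue for the zone actually being served (constructed address).
    RR("ns.dns.sventech.com", "A", "192.0.2.53"),
]

if __name__ == "__main__":
    ok, bad = filter_response("sventech.com", AUTHORITY, ADDITIONAL)
    for rr in ok:
        print("cache  ", rr)
    for rr in bad:
        print("discard", rr)
```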