DNS Poisoning?
18 April 2006, 11:13 AM
#1
Scooby Regular
Thread Starter
Join Date: Jan 2002
Posts: 11,581
Likes: 0
Received 0 Likes
on
0 Posts
DNS Poisoning?
A quick question about DNS poisoning.
If I have a domain name hosted with an ISP and their DNS server is vulnerable to DNS poisoning, can someone hijack the info? My understanding of DNS poisoning is that it will only affect servers that aren't authoratative.
i.e.
DNS server is ns.example.com and holds the authoratative record for www.example.com
Can someone make ns.example.com start serving a different ip address for www.example.com even though it's authoratative for this domain?
My understanding of DNS poisoning is that it will only affect servers that aren't authoratative.
i.e.
I use ns.isp.com as my DNS server on my broadband connection, someone poisons ns.isp.com so that it provides a bogus ip address for www.example.com which works because ns.isp.com is not the authoratative server for www.example.com but trusts information it recieves from any source.
Can anyone set me right?
If I have a domain name hosted with an ISP and their DNS server is vulnerable to DNS poisoning, can someone hijack the info? My understanding of DNS poisoning is that it will only affect servers that aren't authoratative.
i.e.
DNS server is ns.example.com and holds the authoratative record for www.example.com
Can someone make ns.example.com start serving a different ip address for www.example.com even though it's authoratative for this domain?
My understanding of DNS poisoning is that it will only affect servers that aren't authoratative.
i.e.
I use ns.isp.com as my DNS server on my broadband connection, someone poisons ns.isp.com so that it provides a bogus ip address for www.example.com which works because ns.isp.com is not the authoratative server for www.example.com but trusts information it recieves from any source.
Can anyone set me right?
18 April 2006, 01:26 PM
#2
Scooby Regular
Join Date: Oct 2000
Location: Surrey, UK
Posts: 8,384
Likes: 0
Received 0 Likes
on
0 Posts
It's all about poisoning whats in the cache and yes, it affects name servers that are NOT authorative for said domain.
At least, that is my understanding.
Newer versions of bind go some way to stopping this from happening.
Whats prompt this query? (if you don't mind me asking)
At least, that is my understanding.
Newer versions of bind go some way to stopping this from happening.
Whats prompt this query? (if you don't mind me asking)
18 April 2006, 03:41 PM
#3
Scooby Regular
Thread Starter
Join Date: Jan 2002
Posts: 11,581
Likes: 0
Received 0 Likes
on
0 Posts
External "SEO Experts" talking to our marketing department and giving them scary looking documents that then get directors asking me awkward questions. The document claims that because 2 of our domains are hosted on DNS servers that support recursion someone could bring down our sites. I said it was impossible in the sense that no one could tamper with the DNS servers that hold our records and that as we have no control over any other DNS servers there's not really a lot we can do about it i.e. if NTL's servers get poisoned then we'll lose business from NTL customers but we can't prevent it.
Just covering my ****
Just covering my ****
18 April 2006, 05:46 PM
#4
Scooby Regular
Join Date: Oct 2000
Location: Surrey, UK
Posts: 8,384
Likes: 0
Received 0 Likes
on
0 Posts
Ah ha that explains it! 
Don't blame you, and of course, for what it's worth, you are correct in saying you have no chance of forcing your ISP or others to change to a specific DNS version...
... although could be fun (if you have the time) arguing the point with them
Don't blame you, and of course, for what it's worth, you are correct in saying you have no chance of forcing your ISP or others to change to a specific DNS version...
... although could be fun (if you have the time) arguing the point with them
Thread
Thread Starter
Forum
Replies
Last Post
DazV
Computer & Technology Related
18
07 October 2002 10:24 AM
BrownDot
Computer & Technology Related
3
22 January 2002 03:00 PM