[unisog] DNS Cache Poisoning

Florian Weimer fw at deneb.enyo.de
Thu Apr 7 15:32:23 GMT 2005


* Bill Martin:

> Has anyone seen attempts on this in the EDU name space yet?

According to my data, EDU is not affected yet.  NET and US potentially
are.

I still believe that these "attacks" are merely an unintentional side
effect.  Some spammers create a fake COM zone on their name servers
and add a wildcard A record for *.COM.  This way, they need not add a
zone for each domain they own.  Unfortunately, this leaks bogus NS
entries for COM in the authoritative section of DNS replies, which are
picked up by broken caching resolvers in some cases.

This practice is fairly common, and my records indicate that it's
older than the current raised interest in DNS anomalies. 8-)
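
A caching resolver stays unaffected by the leak described above if it discards authority-section records that lie outside the zone it was referred to (a bailiwick check). The sketch below is an added example, not part of the original post; the function names and all sample records are constructed for illustration.

```python
# Added example: bailiwick filtering of authority-section records.
# Function names and sample records are constructed, not from the post.

def normalize(name):
    """Lower-case a domain name and return its labels (root zone -> [])."""
    name = name.strip().lower().rstrip(".")
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it, compared by label."""
    o, z = normalize(owner), normalize(zone)
    return len(o) >= len(z) and (not z or o[-len(z):] == z)

def filter_authority(delegated_zone, authority):
    """Split authority-section records into (accepted, rejected).

    delegated_zone: zone whose delegation led the resolver to this server.
    authority: list of (owner, rtype, rdata) tuples taken from the reply.
    """
    accepted, rejected = [], []
    for record in authority:
        owner = record[0]
        if in_bailiwick(owner, delegated_zone):
            accepted.append(record)
        else:
            # e.g. NS records for COM from a server only delegated example.com
            rejected.append(record)
    return accepted, rejected

# Constructed reply from a server that carries a fake COM zone with a
# wildcard: the authority section names the parent zone, not the child.
LEAKY_AUTHORITY = [
    ("com.", "NS", "ns1.example.net."),
    ("com.", "NS", "ns2.example.net."),
]
# Constructed reply from a correctly configured server for the same domain.
CLEAN_AUTHORITY = [
    ("example.com.", "NS", "ns1.example.net."),
    ("example.com.", "NS", "ns2.example.net."),
]

if __name__ == "__main__":
    for label, auth in (("leaky", LEAKY_AUTHORITY), ("clean", CLEAN_AUTHORITY)):
        accepted, rejected = filter_authority("example.com.", auth)
        print(label, "accepted:", accepted, "rejected:", rejected)
```
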

