[nsp-sec] GoDaddy DNS server "hijacking" .com ?
Johannes Ullrich
jullrich at euclidian.com
Wed Oct 8 12:58:44 EDT 2008
The Bind8 forwarder issue is my best guess at this point as well. I am
actually a bit surprised that this just came up.
Would they actually need the .com/.org authority record to do the domain
grabbing?
On Wed, Oct 8, 2008 at 12:51 PM, Florian Weimer <fweimer at bfk.de> wrote:
> ----------- nsp-security Confidential --------
>
> * Johannes B. Ullrich:
>
> > one of our readers had issues resolving www.checkpoint.com, and we
> > narrowed it down to ns51.domaincontrol.com and
> > ns52.domaincontrol.com pretending to be '.com'. I am not sure if
> > this is just by accident (the redirect sites just deliver the
> > default GoDaddy parked page).
>
> This is SOP for domain grabbers. We've seen 1,528,623 zones served
> from that NS in the big gTLDs alone. Very likely, they haven't all
> been active at the same time. But even if it's just a fraction, you
> still need the equivalent of tens of thousands of "zone" statements in
> your name server configuration. So it's much easier to make the
> server authoritative for the root (or use some zone-less
> wildcard-everything packet reflector).
>
> Most TLDs explicitly do not check whether the NS of a delegated domain
> is authoritative for the TLD.
>
> On the other hand, my pity with people who run name servers which are
> confused by this is rather limited (although this includes setups
> involving forwarders forwarding to servers which do not sanitize or
> strip authority sections replies, like BIND 8).
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
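Added example (not part of the original messages, and not code from BIND or any other resolver): one way to sanitize an authority section is a label-wise bailiwick check that drops records whose owner name lies outside the zone the answering server was delegated. The zone `example.com.` (standing in for a parked domain delegated to these name servers) and the sample records are constructed; the thread does not show the actual response.

```python
def labels(name):
    """Lower-case a domain name and split it into labels; the root is []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def in_bailiwick(owner, zone):
    """True when owner is the zone apex or a name below it.

    The comparison is label by label, so 'evilexample.com' is not
    treated as part of 'example.com' the way a string suffix test would.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z


def sanitize_authority(zone, authority):
    """Split authority-section records into (kept, dropped).

    zone is the zone the queried server was delegated by its parent.
    A record owned by a name outside that zone (for example an NS set
    for 'com.') is a claim the server has no standing to make, so it
    must not be cached or passed on to clients.
    """
    kept, dropped = [], []
    for rr in authority:
        owner = rr[0]
        (kept if in_bailiwick(owner, zone) else dropped).append(rr)
    return kept, dropped


# Constructed sample: authority section from a server that was delegated
# example.com. but also presents itself as authoritative for com.
SAMPLE_AUTHORITY = [
    ("example.com.", "NS", "ns51.domaincontrol.com."),
    ("com.", "NS", "ns51.domaincontrol.com."),
    ("com.", "NS", "ns52.domaincontrol.com."),
]

if __name__ == "__main__":
    kept, dropped = sanitize_authority("example.com.", SAMPLE_AUTHORITY)
    for rr in kept:
        print("keep", rr)
    for rr in dropped:
        print("drop", rr)
```

A forwarder that relays upstream replies unchanged never runs a check like this, so the out-of-zone `com.` NS set reaches the cache of whatever sits behind it.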