ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Rogue (Fraudulent) DNS Servers?

  • To: Karl Auerbach <karl@xxxxxxxxxxxx>
  • Subject: Re: [ga] Rogue (Fraudulent) DNS Servers?
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Wed, 12 Dec 2007 07:25:44 -0800

Karl and all,

  It is true that creating "Views" to address some security related
problems as a result of misconfigured DNS using Bind 9 is useful
and helpful.  But it is only reasonable to recognize that first, if
DNS is configured correctly such "Views" are not necessary, and second
that the vast majority of DNS configs are on Windows OSes.  Ergo
IMO, reinforcing Matthew's earlier stated argument or concern.

  What amazes me about all of this is that such blatant disregard for
users' security by many significant providers and/or domain name
holders continues and is left unchecked and subsequently uncorrected
when pointed out clearly and without doubt.  Google and Yahoo stand
out rather significantly as violators or misconfigured DNS, and improper
Whois data to boot, which is a direct violation of current RAA contract.

Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827

Karl Auerbach wrote:

> Matthew Pemble wrote:
>
> > http://www.infoworld.com/article/07/12/11/DNS-attack-could-signal-Phishing-2.0_1.html
>
> > The researchers estimate that there are 17 million open-recursive DNS
> > servers
>
> If you are running Bind it is possible to create "views" that will, I
> believe, defeat this concern.  (Of course, if the underlying OS is
> Windoz all bets are off.)
>
> On my own resolvers I have an external view in which my resolvers will
> answer queries only for names for which my servers are authoritative.
> Unless a query source qualifies for my internal view, below, it gets the
> external treatment - which means that if you ask one of my servers for
> some j-random name that isn't one of mine it'll tell you to go pound sand.
>
> I have an internal view which is available to machines on my address
> blocks (and a few others).  In that view my resolvers will do a lookup
> on any query name.
>
> It's not too hard to set this up - but not trivial.  For example, take a
> look at http://www.cymru.com/Documents/secure-bind-template.html
>
>                 --karl--
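
A named.conf layout for the internal/external split described in the quoted message, added here as an example; it is not taken from Karl Auerbach's servers or from the Team Cymru template. The ACL name, the address block (192.0.2.0/24, a documentation range), the zone name and the file paths are placeholders.

```conf
// Example only: ACL name, prefix, zone name and file paths are placeholders.

// Clients allowed to use this server as a recursive resolver.
acl "inside" {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    directory "/var/named";
};

// Views are tested in order and the first match wins, so the
// restricted-client view must come before the catch-all view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;                    // look up any name for these clients
    allow-recursion { "inside"; };

    zone "." {
        type hint;
        file "named.root";
    };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

// Every other source address lands here: authoritative answers only.
view "external" {
    match-clients { any; };
    recursion no;                     // names outside the zones below are refused
    allow-query-cache { none; };      // never serve cached data to outsiders

    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};
```

Once any `view` statement is present, every `zone` statement has to sit inside a view. From an address outside the ACL, `dig @<server> <name-not-hosted-here>` should come back with status REFUSED and no `ra` flag in the header.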
