DNS registration problems

Brian J. Conway dogbert at clue4all.net
Sat Jan 13 14:50:25 EST 2001


> There are major security implications to this issue.  If someone were to
> register a host to act as a name server, which meant that the root servers
> would know about it in a non-authoritative way, then the general public
> would likely get its IP address from the glue records rather than from the
> authoritative server.  The end result of this could be to hide all of a
> domain's mail or web servers from the public.  We have actually had this
> happen twice (due to errors, not malice) and in neither case was the ISP
> responsible able to diagnose it until we were called in.

I accidentally came across this a few years ago without thinking about
the consequences, and set up the host "clue4all.net" as the primary DNS
entry for the domain "clue4all.net" and never realized a problem until I
went to move the machine and realized no one had any reason to try the
secondary name server if they thought they saw the primary already.
Oops. =)  You'd think registrars would put in a check to not allow you
to set the same hostname as a domain for a DNS entry, but I guess most
people think those things through.  Just my $0.02.

Brian J. Conway
dogbert at clue4all.net
Geek for hire: http://clue4all.net/resume

Men may control the free world, but women control the boobs.
(http://www.pvponline.com/archive.php3?archive=20001024)
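
The glue-versus-authoritative problem discussed in this thread can be audited by comparing what the parent zone publishes for a delegation with what the domain's own servers publish. The following is an added example, not part of either poster's message: the zone data is constructed (example.net and documentation address ranges), and the finding names NS_IS_APEX, GLUE_DRIFT, ORPHAN_GLUE and NS_MISMATCH are hypothetical labels. It goes slightly beyond the thread by also flagging registered host records that no delegation uses.

```python
# Constructed sample data: parent-side delegation (NS set plus glue/host
# records held by the registry) and the child zone's authoritative records.
PARENT = {
    "zone": "example.net.",
    "ns": ["example.net.", "ns2.example.net."],
    "glue": {
        "example.net.": ["192.0.2.10"],          # address before the machine moved
        "ns2.example.net.": ["198.51.100.53"],
        "old-ns.example.net.": ["203.0.113.7"],  # registered host, no longer an NS
    },
}
CHILD = {
    "ns": ["example.net.", "ns2.example.net."],
    "a": {"example.net.": ["192.0.2.99"], "ns2.example.net.": ["198.51.100.53"]},
}

def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def audit_delegation(parent, child):
    """Return (finding, host, addresses) tuples for glue that can shadow
    or contradict the authoritative data."""
    findings = []
    zone = norm(parent["zone"])
    parent_ns = {norm(n) for n in parent["ns"]}
    child_ns = {norm(n) for n in child["ns"]}
    child_a = {norm(k): set(v) for k, v in child["a"].items()}
    if parent_ns != child_ns:
        findings.append(("NS_MISMATCH", zone, sorted(parent_ns ^ child_ns)))
    for host, addrs in sorted(parent["glue"].items()):
        host = norm(host)
        if host == zone:
            # The name server shares its name with the domain, so resolvers
            # may take the domain's own address from non-authoritative glue.
            findings.append(("NS_IS_APEX", host, sorted(addrs)))
        if host not in parent_ns:
            findings.append(("ORPHAN_GLUE", host, sorted(addrs)))
            continue
        auth = child_a.get(host, set())
        if set(addrs) != auth:
            # Glue and authoritative answers disagree; list the differing addresses.
            findings.append(("GLUE_DRIFT", host, sorted(set(addrs) ^ auth)))
    return findings

if __name__ == "__main__":
    for finding in audit_delegation(PARENT, CHILD):
        print(finding)
```
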