I have a question over resolver and DNS
So I am trying to figure out resolver and I need to figure out how a resolver might attempt to find the IP address of the example domain? I don't know too much about a resolver and I was wondering if someone could help me.
My second question is for a project I am setting up and I need to figure out which part of the DNS is most vulnerable to an attack from a malicious user and why is this? I need to have a reason for this so if anyone could help me on this too, it would be greatly appreciated. Thanks
...and bear in mind that DNS != Bind (ie, there are alternatives).
If you were trying to say "I said that first", I'll also throw in this example from '07:
http://www.linuxquestions.org/questi...?highlight=dns

More seriously, I don't know why so many people think DNS is exactly equivalent to bind. Setting up Bind can be a bit of a pain, particularly when it's chrooted, and the history of Bind is not one that gives you a great deal of confidence that the current version is free of significant bugs. Something like djbdns/dnsmasq/maradns/pdns is a better bet (imho) in simpler set-ups, although there can still be a case for the Bind 'swiss army knife' for some of the more involved set-ups. And, for a secure installation, with Bind, I think that you should know who is your security specialist, and that they check for security advisories on a very frequent basis. This may be overkill for a small installation. You may think I'm being paranoid (and you may be right), but most of the effort in trying to develop exploits seems to be expended against Bind rather than the alternatives and so I'm a bit more relaxed about the security situation with, say, djbdns than Bind.
I guess you will have to decide which DNS implementation you want to use, before figuring out the resolver mechanism. As for the attack issues - this seems rather to be a firewall/router topic, since these are better suited to deal with attacks. I would assume to have name servers always behind a firewall; it should be quite rare to have a name server as the only computer in an office. Otherwise putting 'named' in a jailroot seems to be quite common as a precautionary move.
If you have a blacklist of all those involved in the exploit, you could use that with your firewall ruleset, but isn't curing the fundamental problem better?