Any tool to compare DNS results from several DNS servers?
Someone suggested what he called "dns pooling" as a countermeasure for those man-in-the-middle attacks that are based on DNS poisoning. His suggestion was to query several DNS servers and compare the results. If there's any difference, alert the user. Of course that would produce false alarms for any legitimate IP changes propagating in DNS networks. But it's better than nothing.
Are there any tools to automatically compare the results from several DNS servers, and alert for any difference?
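One way to do what the original post asks for, as an added example (not a tool mentioned anywhere in this thread): a stand-alone Python 3 script, standard library only, that sends the same A-record question to several resolvers over UDP, collects each answer set, and reports disagreement. It separates answers that merely differ but overlap the majority (round-robin records, a change still propagating, the false alarms the poster anticipates) from answers that are disjoint from the majority or missing entirely, which is what a poisoned cache would look like. The resolver list in DEFAULT_RESOLVERS is an assumption; the sample_response() packet is constructed, not captured, so the parser can be exercised without network access.

```python
"""Ask several resolvers the same A question and flag disagreement (added example)."""
import random
import socket
import struct
import sys
from collections import Counter

# Assumed resolver list; replace with the servers you actually want to compare.
DEFAULT_RESOLVERS = ["8.8.8.8", "1.1.1.1", "9.9.9.9", "208.67.222.222"]


def build_query(name, txid):
    """Minimal DNS query: header (RD set, one question) + QNAME + QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def skip_name(packet, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(packet, txid):
    """Extract the IPv4 addresses from the answer section as a frozenset."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", packet, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(packet, offset) + 4          # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(ancount):
        offset = skip_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", packet, offset)
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(packet[offset:offset + 4]))
        offset += rdlen
    return frozenset(addrs)


def query_a(server, name, timeout=2.0):
    """Send one UDP query and return the A records, or None on timeout/error."""
    txid = random.getrandbits(16)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, txid), (server, 53))
            data, _ = sock.recvfrom(4096)
        return parse_a_records(data, txid)
    except (OSError, ValueError, IndexError, struct.error):
        return None


def compare_answers(answers):
    """answers: {resolver: frozenset of IPs, or None if the query failed}.

    Returns (majority, soft, hard). 'soft' = resolvers whose answer differs from
    the majority but overlaps it (round-robin, propagation in progress).
    'hard' = resolvers that failed or share no address with the majority, which
    is the shape a poisoned answer takes.
    """
    good = {srv: ips for srv, ips in answers.items() if ips}
    if not good:
        return frozenset(), [], sorted(answers)
    majority = Counter(good.values()).most_common(1)[0][0]
    soft, hard = [], []
    for srv, ips in sorted(answers.items()):
        if not ips:
            hard.append(srv)
        elif ips != majority:
            (soft if ips & majority else hard).append(srv)
    return majority, soft, hard


def sample_response(txid):
    """Constructed (not captured) reply for example.com with two A records, for offline testing."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)
    question = build_query("example.com", txid)[12:]
    rrs = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
        for ip in ("192.0.2.1", "198.51.100.7")
    )
    return header + question + rrs


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    results = {srv: query_a(srv, name) for srv in DEFAULT_RESOLVERS}
    majority, soft, hard = compare_answers(results)
    for srv in DEFAULT_RESOLVERS:
        print("%-16s %s" % (srv, sorted(results[srv]) if results[srv] else "no answer"))
    print("majority:", sorted(majority))
    if soft:
        print("WARN differing but overlapping:", soft)
    if hard:
        print("ALERT disjoint or failed:", hard)
        sys.exit(2)
```

Run it as "python3 dnscompare.py www.example.org" (file name assumed). Two caveats for anyone using this as a countermeasure: resolvers that forward to the same upstream cache will agree with each other even when that cache is poisoned, so pick independent ones; and the script sits beside the system resolver rather than inside it, so it tells you about a disagreement but does not stop a browser from using the poisoned answer.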
Hmm, that is an interesting idea. The script at http://www.madboa.com/geek/dig/ has about 80-90% of the code done that would be needed. Just reverse what is in the text file vs. what is being queried.
Quote:
But if someone then does request one of those questionable domains, what then?
That's good. Any chance we could force all internet accesses from browsers, email clients, etc. to go through this check? Where would the script go, and what system scripts would be edited?
Isn't it simpler to find the place in the system scripts where the 2 DNS servers that you specify with the GNOME network manager are read and used one at a time, with the second one being read only if the first one fails? It would then be a very simple change to the script to ask both DNS servers anyway, and also ask 5 more servers, and return successfully only if they all agree.
Quote:
Only by performing the same DNS query against multiple DNS servers would you have a reasonable chance of detecting the poisoning.
You still do not understand the suggestion. The suggestion is to edit a computer program, part of the Linux system and probably a script, that currently does the wrong thing, and the wrong thing that it does was described here:
Now, does anyone know where Linux implements the access to the list of DNS servers that you have specified with the GNOME network manager, before querying the servers one at a time? It should be an extremely simple change if Linux does it with a script.