root servers

for the past few hours, we've been seeing certain root servers
intermittently claiming that certain names don't exist, and then
changing their mind a few minutes later.

anyone else seeing this? did i miss an announcement of problems?

-matthew kaufman
matthew@scruz.net

While I am not at liberty at this time to release the documentation in my
hands, as the individual who wrote it would like to try and get a patch
available before releasing his advisory, put simply: he has 'discovered',
documented, and made available his methods, a method to forge DNS
information in a way that would/could cause the errors you are seeing in the
root name servers. The following is an excerpt that I don't think he'll get
pissed about if I release:

Because of the severity of the problem at hand, no source code will be made
available. However, I have set up a service that you can use to test your
DNS servers to see if they are vulnerable. I have set up certain domain names
off the sventech.com domain which, when queried, will send additional
information in the packet to attempt to get BIND to cache. Here is a list of
the domain names and the information they try to cache:

begin.dns.sventech.com
        Will load a domain name of this.is.a.test.domain with an A record of
        1.2.3.4 and an MX record of mail.test.domain with a priority of 10
        for test.domain. It will also give it an NS record that points to
        ns.test.domain which has an IP address of 4.3.2.1

add.dns.sventech.com
        This will add an A record of 3.1.33.7 to this.is.a.test.domain

mx.dns.sventech.com
        This will add an MX record of mail.competitor.domain to test.domain
        with a priority of 5
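To make the mechanism in the excerpt concrete, here is an added example (not code from either poster, and not the sventech.com test service itself). It builds a DNS response in wire format whose additional section carries the records the begin.dns.sventech.com entry describes (an A record for this.is.a.test.domain, an MX and NS for test.domain, and glue for ns.test.domain), then applies the bailiwick check a resolver needs before caching: records whose owner name is outside the zone the answering server is authoritative for are discarded instead of cached. The zone cut (sventech.com), the answer-section address 192.0.2.1 and the transaction id are assumptions for illustration; the packet is constructed inline, so nothing is sent on the network.

```python
"""Added example: additional-section poisoning packet plus a bailiwick filter.
Layout of the sventech.com responses is assumed from the excerpt, not captured."""
import struct

A, NS, MX = 1, 2, 15   # RR type codes
IN = 1                 # class IN


def encode_name(name):
    # Wire-format name: length-prefixed labels terminated by a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def rr(owner, rtype, rdata, ttl=3600):
    # One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA.
    return encode_name(owner) + struct.pack("!HHIH", rtype, IN, ttl, len(rdata)) + rdata


def a_rdata(ip):
    return bytes(int(o) for o in ip.split("."))


def mx_rdata(preference, host):
    return struct.pack("!H", preference) + encode_name(host)


def build_response(qname, answers, additional, txid=0x1234):
    # Header: id, flags (QR|AA), qdcount, ancount, nscount, arcount.
    hdr = struct.pack("!HHHHHH", txid, 0x8400, 1, len(answers), 0, len(additional))
    question = encode_name(qname) + struct.pack("!HH", A, IN)
    return hdr + question + b"".join(answers) + b"".join(additional)


def begin_dns_packet():
    """Constructed stand-in for what begin.dns.sventech.com returns (assumed)."""
    answer = [rr("begin.dns.sventech.com", A, a_rdata("192.0.2.1"))]  # assumed address
    extra = [  # out-of-zone records the text says it tries to get cached
        rr("this.is.a.test.domain", A, a_rdata("1.2.3.4")),
        rr("test.domain", MX, mx_rdata(10, "mail.test.domain")),
        rr("test.domain", NS, encode_name("ns.test.domain")),
        rr("ns.test.domain", A, a_rdata("4.3.2.1")),
    ]
    return build_response("begin.dns.sventech.com", answer, extra)


def parse_name(buf, off):
    # Decodes labels, following compression pointers if a sender used them.
    labels, resume = [], None
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:
            if resume is None:
                resume = off + 2
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode())
        off += n
    return ".".join(labels), (resume if resume is not None else off)


def parse_response(buf):
    """Return (section, owner, rtype, rdata) for every RR in the message."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    for _ in range(qd):
        _, off = parse_name(buf, off)
        off += 4  # QTYPE + QCLASS
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = parse_name(buf, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
            off += 10
            records.append((section, owner, rtype, buf[off:off + rdlen]))
            off += rdlen
    return records


def in_bailiwick(owner, zone):
    # A record is only credible if its owner is at or below the zone the
    # responding server is authoritative for (label boundary, not substring).
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return owner == zone or owner.endswith("." + zone)


def filter_cacheable(buf, zone):
    """Split a response into records safe to cache and records to drop."""
    accepted, rejected = [], []
    for section, owner, rtype, _rdata in parse_response(buf):
        (accepted if in_bailiwick(owner, zone) else rejected).append((section, owner, rtype))
    return accepted, rejected


if __name__ == "__main__":
    ok, dropped = filter_cacheable(begin_dns_packet(), "sventech.com")
    print("cache:", ok)
    print("drop: ", dropped)
```

A resolver that stores everything in the additional section without this check ends up with the forged this.is.a.test.domain and test.domain records in its cache; with the check, only the begin.dns.sventech.com answer survives. The label-boundary comparison in in_bailiwick matters too: a plain suffix match would let a name like evilsventech.com pass as part of sventech.com.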