Computer Security - DNS server question...

01-27-2004, 11:11 PM

Recently, my ISP is having DNS caching problems and I had to point
my router to another DNS server (instead of using my ISP's).. my question is
this as I'm not familiar with DNS server configurations:

Can info be extracted from that DNS server that I am pointing to temporarily
(ie. passwords, http queries, pop accounts, etc?) by someone in control of
that DNS server?

--
R Green
Tech Support
----------------------
WoWsat.com
----------------------

R Green - WoWsat.com

01-27-2004, 11:17 PM

R Green - WoWsat.com wrote:

> Recently, my ISP is having DNS caching problems and I had to point
> my router to another DNS server (instead of using my ISP's).. my question is
> this as I'm not familiar with DNS server configurations:
>
> Can info be extracted from that DNS server that I am pointing to temporarily
> (ie. passwords, http queries, pop accounts, etc?) by someone in control of
> that DNS server?
>

How would passwords, http quesries, pop accounts be sent to the DNS
server? Your machine asks the dns server what IP a particular name is
(or vice-versa), and the dns server replies. That's it.

-WD

01-28-2004, 03:42 AM

DNS just translates ip --> hostname and vice verse. does not do anything
else. what can happen is dsn poisoning.

for example. your web site is www.green.com and your ip is 123.123.123.123
someone can copy your entire web site on another server, give it ip
321.321.321.321 and put a fake entry in the DSN to send people going to
www.green.com from your server the the fake server. then any password, user
name e.t.c.. people type will be captured by the malicious party on their
servers.

"R Green - WoWsat.com" <[news]@wowsat.com> wrote in
news:veCRb.19281$P51.15632@clgrps12:

> Recently, my ISP is having DNS caching problems and I had to point
> my router to another DNS server (instead of using my ISP's).. my
> question is this as I'm not familiar with DNS server configurations:
>
> Can info be extracted from that DNS server that I am pointing to
> temporarily (ie. passwords, http queries, pop accounts, etc?) by
> someone in control of that DNS server?
>

--
Rowdy Yates
I am Against-TCPA
http://www.againsttcpa.com

01-28-2004, 09:17 AM

Will Dormann wrote:

> R Green - WoWsat.com wrote:
>
>> Recently, my ISP is having DNS caching problems and I had to point
>> my router to another DNS server (instead of using my ISP's).. my question
>> is this as I'm not familiar with DNS server configurations:
>>
>> Can info be extracted from that DNS server that I am pointing to
>> temporarily (ie. passwords, http queries, pop accounts, etc?) by someone
>> in control of that DNS server?
>>
>
>
> How would passwords, http quesries, pop accounts be sent to the DNS
> server? Your machine asks the dns server what IP a particular name is
> (or vice-versa), and the dns server replies. That's it.

If the DNS server is a compromised one and the services used require a DNS
server to resolve the hostname, then that isn't too hard to do. The
malicious server would just have to have dns records pointing any domain
that is attempted to be resolved to whatever IP they feel like and then run
a fake service on each port for each service they want to capture something
on and then capture the password(s) for that service, which would work
quite well for various protocols that pass passwords around in plain text
such as regular POP3 that sends plain text passwords across the connection
in the clear. So, if you can't trust the DNS server, it is a good idea to
not use it at all.

02-01-2004, 02:10 AM

I also have DNS server questions. I recently had problems connecting to the net and I was able to ping IP addresses but not domain names. This showed the problem was with DNS. I pinged the DNS servers and the "Request timed out". The ISP had provided static IP addresses and DNS server IPs which had been entered manually. I was successful in pinging a third DNS server IP address and when I tried this one, my Internet connection worked fine. Is it correct to assume that if you can't ping the IP address of a DNS server, then it's not going to work? Is there a better utility besides Ping for trouble shooting DNS servers? I'm also wondering if it's possible to use another ISP's DNS server?

Thanks,
Steve Smith

02-01-2004, 10:32 AM

"Steve Smith" <> wrote in message
news:KeZSb.5298$gl2.3622@lakeread05...
> I also have DNS server questions. I recently had problems connecting to
the
> net and I was able to ping IP addresses but not domain names. This showed
> the problem was with DNS. I pinged the DNS servers and the "Request timed
> out". The ISP had provided static IP addresses and DNS server IPs which
had
> been entered manually. I was successful in pinging a third DNS server IP
> address and when I tried this one, my Internet connection worked fine. Is
> it correct to assume that if you can't ping the IP address of a DNS
server,
> then it's not going to work? Is there a better utility besides Ping for
> trouble shooting DNS servers? I'm also wondering if it's possible to use
> another ISP's DNS server?

nslookup. Not available with Win9x, but there are other tools that so the
same job and are readily available. Google is your friend..

Some ISPs (not all) allow you to use their DNSes.. remember that the longer
the time it takes to lookup an address, the longer everything else will
wait..

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

01-27-2004, 11:17 PM	#2
Will Dormann Posts: n/a	Re: DNS server question... R Green - WoWsat.com wrote: > Recently, my ISP is having DNS caching problems and I had to point > my router to another DNS server (instead of using my ISP's).. my question is > this as I'm not familiar with DNS server configurations: > > Can info be extracted from that DNS server that I am pointing to temporarily > (ie. passwords, http queries, pop accounts, etc?) by someone in control of > that DNS server? > How would passwords, http quesries, pop accounts be sent to the DNS server? Your machine asks the dns server what IP a particular name is (or vice-versa), and the dns server replies. That's it. -WD

01-28-2004, 03:42 AM	#3
Rowdy Yates Posts: n/a	Re: DNS server question... DNS just translates ip --> hostname and vice verse. does not do anything else. what can happen is dsn poisoning. for example. your web site is www.green.com and your ip is 123.123.123.123 someone can copy your entire web site on another server, give it ip 321.321.321.321 and put a fake entry in the DSN to send people going to www.green.com from your server the the fake server. then any password, user name e.t.c.. people type will be captured by the malicious party on their servers. "R Green - WoWsat.com" <[news]@wowsat.com> wrote in news:veCRb.19281$P51.15632@clgrps12: > Recently, my ISP is having DNS caching problems and I had to point > my router to another DNS server (instead of using my ISP's).. my > question is this as I'm not familiar with DNS server configurations: > > Can info be extracted from that DNS server that I am pointing to > temporarily (ie. passwords, http queries, pop accounts, etc?) by > someone in control of that DNS server? > -- Rowdy Yates I am Against-TCPA http://www.againsttcpa.com

01-28-2004, 09:17 AM	#4
me Posts: n/a	Re: DNS server question... Will Dormann wrote: > R Green - WoWsat.com wrote: > >> Recently, my ISP is having DNS caching problems and I had to point >> my router to another DNS server (instead of using my ISP's).. my question >> is this as I'm not familiar with DNS server configurations: >> >> Can info be extracted from that DNS server that I am pointing to >> temporarily (ie. passwords, http queries, pop accounts, etc?) by someone >> in control of that DNS server? >> > > > How would passwords, http quesries, pop accounts be sent to the DNS > server? Your machine asks the dns server what IP a particular name is > (or vice-versa), and the dns server replies. That's it. If the DNS server is a compromised one and the services used require a DNS server to resolve the hostname, then that isn't too hard to do. The malicious server would just have to have dns records pointing any domain that is attempted to be resolved to whatever IP they feel like and then run a fake service on each port for each service they want to capture something on and then capture the password(s) for that service, which would work quite well for various protocols that pass passwords around in plain text such as regular POP3 that sends plain text passwords across the connection in the clear. So, if you can't trust the DNS server, it is a good idea to not use it at all.

02-01-2004, 02:10 AM	#5
Steve Smith Posts: n/a	Re: DNS server question... I also have DNS server questions. I recently had problems connecting to the net and I was able to ping IP addresses but not domain names. This showed the problem was with DNS. I pinged the DNS servers and the "Request timed out". The ISP had provided static IP addresses and DNS server IPs which had been entered manually. I was successful in pinging a third DNS server IP address and when I tried this one, my Internet connection worked fine. Is it correct to assume that if you can't ping the IP address of a DNS server, then it's not going to work? Is there a better utility besides Ping for trouble shooting DNS servers? I'm also wondering if it's possible to use another ISP's DNS server? Thanks, Steve Smith

02-01-2004, 10:32 AM	#6
Hairy One Kenobi Posts: n/a	Re: DNS server question... "Steve Smith" <> wrote in message news:KeZSb.5298$gl2.3622@lakeread05... > I also have DNS server questions. I recently had problems connecting to the > net and I was able to ping IP addresses but not domain names. This showed > the problem was with DNS. I pinged the DNS servers and the "Request timed > out". The ISP had provided static IP addresses and DNS server IPs which had > been entered manually. I was successful in pinging a third DNS server IP > address and when I tried this one, my Internet connection worked fine. Is > it correct to assume that if you can't ping the IP address of a DNS server, > then it's not going to work? Is there a better utility besides Ping for > trouble shooting DNS servers? I'm also wondering if it's possible to use > another ISP's DNS server? nslookup. Not available with Win9x, but there are other tools that so the same job and are readily available. Google is your friend.. Some ISPs (not all) allow you to use their DNSes.. remember that the longer the time it takes to lookup an address, the longer everything else will wait.. -- Hairy One Kenobi Disclaimer: the opinions expressed in this opinion do not necessarily reflect the opinions of the highly-opinionated person expressing the opinion in the first place. So there!

01-27-2004, 11:11 PM	#1
	DNS server question... Recently, my ISP is having DNS caching problems and I had to point my router to another DNS server (instead of using my ISP's).. my question is this as I'm not familiar with DNS server configurations: Can info be extracted from that DNS server that I am pointing to temporarily (ie. passwords, http queries, pop accounts, etc?) by someone in control of that DNS server? -- R Green Tech Support ---------------------- WoWsat.com ---------------------- R Green - WoWsat.com

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search