DNS server question...

Discussion in 'Computer Security' started by R Green - WoWsat.com, Jan 27, 2004.

  1. Recently, my ISP is having DNS caching problems and I had to point
    my router to another DNS server (instead of using my ISP's).. my question is
    this as I'm not familiar with DNS server configurations:

    Can info be extracted from that DNS server that I am pointing to temporarily
    (ie. passwords, http queries, pop accounts, etc?) by someone in control of
    that DNS server?

    --
    R Green
    Tech Support
    ----------------------
    WoWsat.com
    ----------------------
     
    R Green - WoWsat.com, Jan 27, 2004
    #1
    1. Advertisements

  2. R Green - WoWsat.com

    Will Dormann Guest

    R Green - WoWsat.com wrote:

    > Recently, my ISP is having DNS caching problems and I had to point
    > my router to another DNS server (instead of using my ISP's).. my question is
    > this as I'm not familiar with DNS server configurations:
    >
    > Can info be extracted from that DNS server that I am pointing to temporarily
    > (ie. passwords, http queries, pop accounts, etc?) by someone in control of
    > that DNS server?
    >



    How would passwords, http quesries, pop accounts be sent to the DNS
    server? Your machine asks the dns server what IP a particular name is
    (or vice-versa), and the dns server replies. That's it.


    -WD
     
    Will Dormann, Jan 27, 2004
    #2
    1. Advertisements

  3. R Green - WoWsat.com

    Rowdy Yates Guest

    DNS just translates ip --> hostname and vice verse. does not do anything
    else. what can happen is dsn poisoning.

    for example. your web site is www.green.com and your ip is 123.123.123.123
    someone can copy your entire web site on another server, give it ip
    321.321.321.321 and put a fake entry in the DSN to send people going to
    www.green.com from your server the the fake server. then any password, user
    name e.t.c.. people type will be captured by the malicious party on their
    servers.


    "R Green - WoWsat.com" <[news]@wowsat.com> wrote in
    news:veCRb.19281$P51.15632@clgrps12:

    > Recently, my ISP is having DNS caching problems and I had to point
    > my router to another DNS server (instead of using my ISP's).. my
    > question is this as I'm not familiar with DNS server configurations:
    >
    > Can info be extracted from that DNS server that I am pointing to
    > temporarily (ie. passwords, http queries, pop accounts, etc?) by
    > someone in control of that DNS server?
    >




    --
    Rowdy Yates
    I am Against-TCPA
    http://www.againsttcpa.com
     
    Rowdy Yates, Jan 28, 2004
    #3
  4. R Green - WoWsat.com

    me Guest

    Will Dormann wrote:

    > R Green - WoWsat.com wrote:
    >
    >> Recently, my ISP is having DNS caching problems and I had to point
    >> my router to another DNS server (instead of using my ISP's).. my question
    >> is this as I'm not familiar with DNS server configurations:
    >>
    >> Can info be extracted from that DNS server that I am pointing to
    >> temporarily (ie. passwords, http queries, pop accounts, etc?) by someone
    >> in control of that DNS server?
    >>

    >
    >
    > How would passwords, http quesries, pop accounts be sent to the DNS
    > server? Your machine asks the dns server what IP a particular name is
    > (or vice-versa), and the dns server replies. That's it.


    If the DNS server is a compromised one and the services used require a DNS
    server to resolve the hostname, then that isn't too hard to do. The
    malicious server would just have to have dns records pointing any domain
    that is attempted to be resolved to whatever IP they feel like and then run
    a fake service on each port for each service they want to capture something
    on and then capture the password(s) for that service, which would work
    quite well for various protocols that pass passwords around in plain text
    such as regular POP3 that sends plain text passwords across the connection
    in the clear. So, if you can't trust the DNS server, it is a good idea to
    not use it at all.
     
    me, Jan 28, 2004
    #4
  5. R Green - WoWsat.com

    Steve Smith Guest

    I also have DNS server questions. I recently had problems connecting to the net and I was able to ping IP addresses but not domain names. This showed the problem was with DNS. I pinged the DNS servers and the "Request timed out". The ISP had provided static IP addresses and DNS server IPs which had been entered manually. I was successful in pinging a third DNS server IP address and when I tried this one, my Internet connection worked fine. Is it correct to assume that if you can't ping the IP address of a DNS server, then it's not going to work? Is there a better utility besides Ping for trouble shooting DNS servers? I'm also wondering if it's possible to use another ISP's DNS server?

    Thanks,
    Steve Smith
     
    Steve Smith, Feb 1, 2004
    #5
  6. "Steve Smith" <> wrote in message
    news:KeZSb.5298$gl2.3622@lakeread05...
    > I also have DNS server questions. I recently had problems connecting to

    the
    > net and I was able to ping IP addresses but not domain names. This showed
    > the problem was with DNS. I pinged the DNS servers and the "Request timed
    > out". The ISP had provided static IP addresses and DNS server IPs which

    had
    > been entered manually. I was successful in pinging a third DNS server IP
    > address and when I tried this one, my Internet connection worked fine. Is
    > it correct to assume that if you can't ping the IP address of a DNS

    server,
    > then it's not going to work? Is there a better utility besides Ping for
    > trouble shooting DNS servers? I'm also wondering if it's possible to use
    > another ISP's DNS server?


    nslookup. Not available with Win9x, but there are other tools that so the
    same job and are readily available. Google is your friend..

    Some ISPs (not all) allow you to use their DNSes.. remember that the longer
    the time it takes to lookup an address, the longer everything else will
    wait..

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Feb 1, 2004
    #6
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lars Bonnesen
    Replies:
    9
    Views:
    7,730
    chris
    Apr 8, 2006
  2. none
    Replies:
    5
    Views:
    3,360
  3. Jose Padilla

    DNS question - reverse DNS getting cluttered

    Jose Padilla, Jan 21, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    731
    Jose Padilla
    Jan 21, 2004
  4. Replies:
    1
    Views:
    1,270
    Rohan
    Nov 18, 2006
  5. juska
    Replies:
    1
    Views:
    1,668
    hdeboo
    Nov 12, 2007
Loading...

Share This Page