Security Basics mailing list archives
Re: How DNS works
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 1 Apr 2006 22:07:46 +0200
On 2006-04-01 Craig Wright wrote:
> To alleviate some ignorance regarding the DNS process and public servers.
>
> 1 DNS
>
> DNS Servers are public if they are a part of the public domain hierarchy. This is NOT that they are on the Internet. This is NOT if anyone can connect to port 53 and use them. DNS Servers are public if and ONLY if they have become an authorised part of the DNS infrastructure. This is a contractual agreement. To connect a DNS Server to the hierarchy it needs to serve a domain. To do this the higher level domain server and your domain system have an agreement - a contract (and please contracts are not required to be written) which exists with implied rights and restraints as dictated by the Internet community and the standards associated with use and the various domain bodies.
Says who? Is that your belief? An Internet standard? A law? But it doesn't matter anyway, so let's take it as given for now.
> How this works; Say I want to register ignorant.com I have to go to a register and apply to register the domain (in this case with a .com authority). There are terms in the contract which is formed. Thus the name servers which are listed in the application and thus in the DNS hierarchy are public.
Irrelevant to this discussion.
> If I stick a server -ex ignorant.private On the internet for the use of the Internal network, then this is PRIVATE.
Wrong. If you want a nameserver for your internal network then put it into your internal network. If you put it on the Internet, there is no way anyone could know you'd want it to be private. What you said above about DNS refers to the public Domain Name System, and in fact I cannot have a nameserver be part of this system without registering it. However, I can very well have a PUBLIC nameserver that is NOT PART of this system.
> If it is secure or not has NO relevance to the status of being public or private - this is a separate issue.
True.
> 2 Google and robots.txt
>
> Web servers are placed on the Internet for a public function UNLESS there is a mechanism to control or restrict access (a password for example). Private servers do not need to be secure, but there needs to be "some" attempt to restrict access (VERY lame attempts included)
Exactly what I said.
> There is an applied contractual agreement for public use of the site made by the act of placing the data as a public site. This is dictated by the standards associated with the protocol. - see RFCs and standards for details.
Bullshit. Sorry, but there's no other word for this. You can't have a "contractual agreement" with the public. Who of "the public" do you think agreed to it?
> "robots.txt" is a valid part of the standard.
What standard? "robots.txt" is not part of any standard, it's a convention.
> Google does not scan the internet for IP addresses that have port 80 open. It does not scan to see if web servers are available on other ports. It links from other sites. This is the purpose of the web.
That wasn't the question here. How does Google get permission to access a server, so it can read the robots.txt in the first place? Even if the spider follows links, it must start somewhere.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq