Security Incidents mailing list archives
Re: DNS cache poisoning?
From: <chad () mr-lew com>
Date: Tue, 16 Aug 2005 21:52:49 -0400
Willard,

Your first step should be to remove your DNS services from that WinNT box to something that is less vulnerable and start using a BIND-based DNS solution. Any Linux/Unix type platform will work.

If you look in your WinNT\System32\dns directory you will find the actual DNS zone files. You may find the cause of the DNS error has been saved there, or it may be caused over the network and affecting your cache.

If you have been a victim of DNS cache poisoning, it comes off of the predictability of the Query ID generated by your system. Upgrading to a BIND 9 nameserver can help in this case, plus add in numerous other security features in your DNS infrastructure.

The fact that the error points to networksolutions.com means nothing... other than whoever is causing your headaches wants you to blame networksolutions.

If you need help setting up your nameserver on BIND 9, check out the DNS & BIND 4th Ed by Cricket Liu (for long answers/explanations) or the DNS Cookbook by Cricket Liu (for shorter answers/explanations).

Feel free to drop me a line on the side if you need more help getting BIND 9 installed and running or help with some of the security features.

Good luck,
Chad
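Added example, not part of the message above: a way to check a capture of a resolver's outbound queries for the Query ID predictability the message names as the root of cache poisoning. The function names, the 0.5 threshold and both sample captures are assumptions constructed for illustration.

```python
import random
import struct
from collections import Counter

def build_query(txid, name="example.com"):
    """Build a minimal DNS A/IN query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def query_id(packet):
    """Return the 16-bit Query ID from the first two bytes of a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    return txid

def assess_ids(ids, threshold=0.5):
    """Flag a resolver whose consecutive Query IDs mostly differ by one fixed step."""
    if len(ids) < 3:
        raise ValueError("need at least 3 queries")
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]  # wrap at 16 bits
    step, count = Counter(deltas).most_common(1)[0]
    share = count / len(deltas)
    return {"dominant_step": step, "share": share, "predictable": share >= threshold}

# Constructed samples: a counter-style resolver (wraps past 0xFFFF) and a randomised one.
# The seeded PRNG only makes the sample reproducible; it is not a model of a secure generator.
SEQUENTIAL = [build_query((0xFFFA + i) % 65536) for i in range(20)]
RANDOMISED = [build_query(t) for t in random.Random(2005).sample(range(65536), 20)]

def audit(packets):
    """Extract the Query ID from each captured query and assess the sequence."""
    return assess_ids([query_id(p) for p in packets])

if __name__ == "__main__":
    for label, capture in (("sequential", SEQUENTIAL), ("randomised", RANDOMISED)):
        print(label, audit(capture))
```

A capture that comes back with `predictable` set means the next Query ID can be guessed from the previous ones, which is the condition that moving to a resolver with randomised IDs removes.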