bailiwicked_domain not working anymore?

[hdm at metasploit.com (HD Moore)]

On Mon, 20 Jul 2009 10:09:54 -0500, Paolo Milani <j.s.sebastian at gmail.com>
wrote:

> I presume that the server for the red subdomain should then reply
> putting the port number used by the server in the TXT section.
>
> Unfortunately this server is down (in fact, the red subdomain does not
> resolve)."

I should have it back up soon, just forgot about it :-)

> Since sending back the src port of the server in the TXT section is not
> standard DNS behavior, and the code for this server doesn't seem to have
> been released, even if you set up your own authoritative server the
> check functionality will still not work.

There is a DNS server module with the same functionality as the  
red.metasploit.com domain under auxiliary/server/dns/spoofhelper

> Richard Miles wrote:
> > Both servers show to be vulnerable, similar to this one output:
> >
> > porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> > "myDNSserver is POOR: 26 queries in 1.9 seconds from 26 ports with std  
> > dev 7"


This indicates a weak port distribution, but not a static port, which the
metasploit module requires to work.

-HD