Host Name Spoofing

Apart from cache poisoning, a malicious user can send hundreds of DNS responses for a single query, and the querying server will accept them without authentication. This is termed cache flooding.

Other DNS server attacks include leakage of information through zone transfers. Host names can reveal certain things about a host, such as its operating system, and this information can be useful to an adversary. DNS tools can be used to query a server continuously with different IP addresses of a particular domain. The unused IP addresses can then be used to spoof the server and pose as a host of that network. If another system is configured to trust the entire IP network, it is vulnerable to an attacker using an unused IP address of the trusted network. The way to deal with this is to never configure your machine to trust an entire network; instead, explicitly list the hosts of the network that can be trusted.

Restricting Queries

As discussed earlier, DNS was designed for public use, and therefore the earlier versions of BIND did not include any option for restricting querying sources. Later, when the importance of security was realized, substatements such as allow-query were added, starting with Version 8. The allow-query directive can be used either as a global option or in a particular master or slave zone section. You learned about allow-query in the section "BIND Configuration" earlier in this tutorial.

An example of allow-query is shown in the following code:

options {
	allow-query { 192.49.49/30; 192.59.59/30; };
};

The following code shows a sample of restricting queries in the zone you want to protect:

zone "example.com" IN {
	type 			slave;
	masters 	{ 172.17.100.1; };
	file 			"db.example";
	// "XYZ-NET" is a named address list; it must be defined with an acl statement
	allow-query { "XYZ-NET"; };
};

Restricting Zone Transfers

Restricting zone transfers is considered more important than restricting queries. If you take another look at the "BIND Configuration" section, you will find an allow-transfer statement. The allow-transfer statement can limit zone transfers by specifying the hosts allowed to copy the database.

By using the allow-transfer statement in the master zone, you can control which slaves are able to transfer the zone from the master. An example of the allow-transfer statement is shown here:

zone "example.com" IN {
	type 			master;
	file 			"db.example.com";
	allow-transfer { 172.32.32.2; 172.42.42.4; };
};

These directives can also be used in slave zones and in the global configuration. By using them in a slave zone, you restrict who can transfer the zone from that particular slave, which keeps attackers from pulling the zone from it.
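
To check a configuration against the two sections above, the following added example (not part of the original tutorial or of BIND) audits a named.conf and reports, for each zone, whether allow-transfer or allow-query is restricted, with a zone-level statement overriding the global options. The sample configuration is constructed, the example.net zone is hypothetical, and the script assumes that an absent directive means any host is allowed (the historical BIND default; check the documentation for your version).

```python
import re

# Constructed sample named.conf; addresses reuse the tutorial's examples.
SAMPLE_CONF = '''
acl "XYZ-NET" { 192.49.49/30; };
options {
    allow-query { "XYZ-NET"; };
};
zone "example.com" IN {
    type master;
    file "db.example.com";
    allow-transfer { 172.32.32.2; 172.42.42.4; };
};
zone "example.net" IN {   // hypothetical zone with no transfer restriction
    type slave;
    masters { 172.17.100.1; };
    file "db.example.net";
};
'''

def _block(text, start):
    """Return the text inside the brace block that opens at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def _acl(body, directive):
    """Return the directive's address list as Python list, or None if absent."""
    m = re.search(r'\b' + re.escape(directive) + r'\s*\{', body)
    if not m:
        return None
    items = _block(body, m.end() - 1).split(';')
    return [e.strip().strip('"') for e in items if e.strip()]

def audit(conf, directive="allow-transfer"):
    """Map each zone name to (effective address list, finding)."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)
    opts = re.search(r'\boptions\s*\{', conf)
    global_acl = _acl(_block(conf, opts.end() - 1), directive) if opts else None
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = _acl(_block(conf, m.end() - 1), directive)
        effective = acl if acl is not None else global_acl  # zone overrides options
        is_open = effective is None or "any" in effective   # assumed default: any
        report[m.group(1)] = (effective, "UNRESTRICTED" if is_open else "restricted")
    return report
```

Calling audit(conf) on the contents of your own named.conf lists the zones that still need an allow-transfer statement; pass "allow-query" as the second argument to check query restrictions the same way.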
