Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
DNS spoofing
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Variants== In the following variants, the entries for the server {{samp|ns.target[[.example]]}} would be poisoned and redirected to the attacker's name server at IP address {{IPaddr|w.x.y.z}}. These attacks assume that the name server for {{samp|target.example}} is {{samp|ns.target.example}}. To accomplish the attacks, the attacker must force the target DNS server to make a request for a domain controlled by one of the attacker's nameservers.{{Citation needed|date=January 2012}} ===Redirect the target domain's name server=== The first variant of DNS cache poisoning involves redirecting the name server of the attacker's domain to the name server of the target domain, then assigning that name server an IP address specified by the attacker. DNS server's request: what are the address records for {{samp|subdomain.attacker.example}}? {{sxhl|2=zone|subdomain.attacker.example. IN A}} Attacker's response: * Answer: (no response) * Authority section: {{sxhl|2=zone|attacker.example. 3600 IN NS ns.target.example.}} * Additional section: {{sxhl|2=zone|ns.target.example. IN A w.x.y.z}} A vulnerable server would cache the additional A-record (IP address) for {{samp|ns.target.example}}, allowing the attacker to resolve queries to the entire {{samp|target.example}} domain. ===Redirect the NS record to another target domain=== The second variant of DNS cache poisoning involves redirecting the nameserver of another domain unrelated to the original request to an IP address specified by the attacker.{{Citation needed|date=January 2012}} DNS server's request: what are the address records for {{samp|subdomain.attacker.example}}? {{sxhl|2=zone|subdomain.attacker.example. IN A}} Attacker's response: * Answer: (no response) * Authority section: {{sxhl|2=zone|target.example. 3600 IN NS ns.attacker.example.}} * Additional section: {{sxhl|2=zone|ns.attacker.example. IN A w.x.y.z}} A vulnerable server would cache the unrelated authority information for {{samp|target.example}}'s NS-record ([[Name server|nameserver]] entry), allowing the attacker to resolve queries to the entire {{samp|target.example}} domain.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)