Re: potential DNS security issue

From: Chris (chris23_at_ic-2000.com)
Date: 12/21/04


Date: Tue, 21 Dec 2004 14:27:33 -0500

It was definitely the server. I tried the ipconfig /flushdns first and that
didn't fix anything. It only cleared up after I cleared the cache in the
management console. It was happening on all clients using this dns server
as well, of course. Everything resolved to same IP except zones this server
serves.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:vE_xd.302355$R05.85785@attbi_s53...
> That is scary. Did you clear the client cache via ipconfig /flushdns or
> did you clear the dns server cache via the dns Management Console where
> you have to find the cached lookups folder, right click and select clear
> cache? You have to select view-advanced to see the cached folder. Also
> when you use nslookup on a computer doing that do all names [Yahoo.com,
> Microsoft.com, etc] resolve to the same IP addresses. I am wondering if it
> is a dns client or dns server problem. --- Steve
>
>
> "Chris" <chris23@ic-2000.com> wrote in message
> news:luZxd.14261$n26.1929@fe10.lga...
>>I posted this to the dns group, but thought it might be appropriate here
>>too. I think this is a security issue as well:
>>
>> This morning one of our DNS servers started responding to all requests
>> with the same IP address. The only exceptions were sites that the server
>> was authoritative for. I fixed it by clearing the cache, but I have to
>> wonder how this is happening. This server runs Windows 2000 dns and has
>> the "secure cache against pollution" option set (and I confirmed it in
>> the registry).
>>
>> I contacted Microsoft and they had no idea what might be happening. They
>> thought that one of the root servers may have been compromised. I find
>> this hard to believe however. I found this link on the web:
>> http://www.atsnn.com/story/105049.html which describes a similar
>> situation. It appears that this has occurred to others over the last few
>> weeks, and any root server problems probably would have been dealt with.
>>
>> Has anyone seen this before? It seems like a vulnerability that has not
>> yet been addressed. However, maybe it's just a vulnerability in DNS in
>> general. Any thoughts?
>>
>
>


