Re: potential DNS security issue

From: Steve Clark [MSFT] (bogus_at_microsoft.com)
Date: 12/29/04 

Date: Wed, 29 Dec 2004 10:26:43 -0800

In the TCP/IP configuration settings of these Windows DNS servers, what
addresses did you populate them with? ISP address? Their own address?
Other DNS server address?

"Chris" <chris23@ic-2000.com> wrote in message
news:luZxd.14261$n26.1929@fe10.lga...
>I posted this to the dns group, but thought it might be appropriate here
>too. I think this is a security issue as well:
>
> This morning on of our DNS servers started responding to all requests with
> the same IP address. The only exceptions were sites that the server was
> authoritative for. I fixed it by clearing the cache, but I have to wonder
> how this is happening. This server runs Windows 2000 dns and has the
> "secure cache against pollution" option set (and I confirmed it in the
> registry).
>
> I contacted Microsoft and they had no idea what might be happening. They
> thought that one of the root servers may have been compromised. I find
> this hard to believe however. I found this link on the web:
> http://www.atsnn.com/story/105049.html which describes a similar
> situation. It appears that this has occured to others over the last few
> weeks, and any root server problems probably would have been dealt with.
>
> Has anyone seen this before. It seems like a vulnerability that has not
> yet been addressed. However, maybe its just a vulnerability in DNS in
> general. Any thoughts?
>

Relevant Pages

  • Re: Forward lookup zone not automatically created for new domain i
    ... I updated the 'Preferred DNS server' on shell.company to ... Did you remove the other DNS servers? ... This looks like you already had replication errors (at least ... No forward lookup zone appeared. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Simple DNS For Private LAN -- SOLVED
    ... I used your examples and the "view" statement mentioned my Mathew Seaman to build a BIND 9 DNS server that is authoritative for mykitchentable.net. ... a local "master zone" visible only to my private LAN as you describe ... internal home network. ... which points to the root DNS servers. ...
    (freebsd-questions)
  • Re: Urgent! New router and big disaster
    ... As far as "What happens if you remove the ISP DNS servers and just use root ... What are your ISP's DNS server IP addresses? ... Thats on both SBS & clients. ... The local router has the broadband connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Need help with DNS design and settings
    ... all DC's or all DNS servers etc. ... AFAIK the default replication scope is to all DNS server in the forest ... I think your reverse lookup zone question was answered. ...
    (microsoft.public.win2000.dns)
  • Re: Urgent! New router and big disaster
    ... As far as "What happens if you remove the ISP DNS servers and just use ... What are your ISP's DNS server IP addresses? ... Thats on both SBS & clients. ... time broadband connection - and that is what must be selected in ...
    (microsoft.public.windows.server.sbs)