Re: (lame) spoofing DNS with hosts files...

From: salo (saloat_private)
Date: Mon Aug 20 2001 - 20:33:24 PDT

    hi there,
    
    On Mon, Aug 20, 2001 at 08:24:14PM +0400, Mitino-PTT support wrote:
    > i think first operating system looks hosts file and then (if not true) makes
    > a dns query
    
    in fact this is not true (i do not know how it works in windows). this is only
    default configuration on dns-resolver-based-lookups hosts. magical place where
    it is all configured is /etc/nsswitch.conf, directive "hosts".
    
    typically it looks as follows:
    
      hosts: files dns
    
    this will cause internal resolver to look into /etc/hosts first and only if
    nothing appropriate is found there ask first external resolver defined in
    /etc/resolv.conf
    
    so if you want to skip /etc/hosts, simply change that line to:
    
      hosts: dns
    
    and your host will always ask external resolver for dns lookups. there are
    other possibilities like ask nis resolver, etc. -> man nsswitch.conf in your
    favorite UNIX-like OS
    
    > its not a bug or vulnerability
    > it is feature (which came from ancient times when there was no domain name
    > system on the Earth)
    
    /etc/hosts is especially usable in small LANs without external resolver/dns
    server configured, etc.
    
    > i think it is not a topic for this list
    
    sure. this is topic for "fundamentals of [insert your favorite OS here]"
    and "newbie to dns".
    
    > >C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
    > >
    > >C:\WINDOWS>ping www.hotmail.com
    > >
    > >Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
    > >
    > >Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
    > >
    > >Ping statistics for 192.168.1.2:
    > >    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    > >Approximate round trip times in milli-seconds:
    > >    Minimum = 38ms, Maximum =  38ms, Average =  38ms
    > >Control-C
    > >
    > >
    > >Tested the same thing under linux too... no surprises really I spose just
    > >something to ponder...
    
    what about placing:
    
    zone "." {
            type master;
            file "surprise";
    };
    
    into your 'named.conf' and then put:
    
    *        IN A  127.0.0.1
    
    into 'surprise' and starting bind? you have whole internet on your desk!
    great, isn't it? no, it is not. please read some documents describing how dns
    resolving and OS you are using work and get a clue about it.
    
    thank you
    
    -- 
    --   salo <saloat_private>         ASCII Ribbon campaign against   /"\   --
    --        <saloat_private>         e-mail in gratuitous HTML and   \ /   --
    --                                   Microsoft proprietary formats    X    --
    --   http://Xtrmntr.org/salo.pgp                                     / \   --
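
The lookup order described in the message above, turned into a small audit check. This is an added example, not part of the original post: it reads the "hosts" directive from nsswitch.conf text and lists the hosts-file names that would be answered before any DNS query is sent. The function names, the filter for local names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import re

def hosts_sources(nsswitch_text):
    """Return the ordered lookup sources named on the 'hosts:' line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []  # no 'hosts:' line found in this text

def parse_hosts(hosts_text):
    """Yield (ip, name) for every name in hosts-file text."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, skip the line
        for name in fields[1:]:
            yield str(ip), name.lower().rstrip(".")

def overrides(nsswitch_text, hosts_text):
    """Dotted, non-local names that the hosts file answers before DNS."""
    src = hosts_sources(nsswitch_text)
    if "files" not in src:
        return []  # e.g. 'hosts: dns', the hosts file is never read
    if "dns" in src and src.index("dns") < src.index("files"):
        return []  # DNS is asked first; files is only a fallback
    local = ("localhost", "localdomain")
    return [(name, ip) for ip, name in parse_hosts(hosts_text)
            if "." in name and not name.endswith(local)]

# Constructed sample input: the default order from the message and a hosts
# file containing the entry from the quoted Windows test.
SAMPLE_NSSWITCH = "passwd: files\nhosts: files dns\n"
SAMPLE_HOSTS = (
    "127.0.0.1 localhost localhost.localdomain\n"
    "192.168.1.2 www.hotmail.com   # entry from the quoted test\n"
    "::1 localhost ip6-localhost\n"
)

if __name__ == "__main__":
    for name, ip in overrides(SAMPLE_NSSWITCH, SAMPLE_HOSTS):
        print(f"{name} is pinned to {ip} ahead of DNS")
```

Every name it reports is one a DNS server is never asked about on that host, so each entry is worth comparing against what the host is expected to carry.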
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 21:45:35 PDT