[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] food for thought -- root zone exposures
From:       Valdis.Kletnieks () vt ! edu
Date:       2003-06-27 18:20:39
[Download RAW message or body]

On Thu, 26 Jun 2003 23:25:06 EDT, Len Rose <len@netsys.com>  said:

> http://www.ietf.org/internet-drafts/draft-ietf-dnsop-bad-dns-res-01.txt
> 
> 
> At the risk of appearing somewhat jaundiced, I'll bet someone
> that it's an M$ nameserver implementation that they're
> referring to.

Section 3 (client) is a combination of NAT, poor configuration on the ISP's part,
and MS's ActiveDirectory.  The basic scenario is that you get a Windows box
that gets DHCP'ed with an RFC1918 space, and it tries to register itself.   The local
DNS doesn't know squat about the space because it's misconfigued, so the client
walks up the tree.  The ISP fails to do ingress filtering, and things go pear-shaped quickly.

And it's worse than that I-D says - see this for a hint HOW bad:

http://www.nanog.org/mtg-0210/wessels.html

[Attachment #3 (application/pgp-signature)]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[prev in list] [next in list] [prev in thread] [next in thread]