This is a discussion on Re: pharming.. dns cache insertion... within the Bind Users forums, part of the DNS and Related Forums category.
In article <d3787i$2nkm$1@sf1.isc.org>,
"bruce" <bedouglas@earthlink.net> wrote:

> oh.. come on barry!!
>
> if it was easy, anybody could do it!!! akamai figured out how to essentially
> map the internet traffic in real time... surely this couldn't be that much
> harder!!!
>
> note the humour!! but seriously, how might it be done...
>
> as a basic question, how many dns servers are we talking about if we simply
> constrain it to the dns servers that are exposed...
>
> has anybody ever researched this???

Many thousands, I guess. Every organization that hosts their own DNS will likely have several nameservers. If you constrain it just to the ones that can be found by listing zones that have open "allow-transfer" ACLs, I suspect you'll only find something like 10-25% of them.

In that case, what's the point? From the context, I assume the intent is to get a list of valid nameservers, so that you can avoid caching delegations pointing to anything outside the list. But if the list is seriously incomplete, you risk an enormous number of false negatives.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***