2007-11-01 19:29:41
By Tim Brown
Some time ago, I discussed how it was possible to finger Microsoft's DNS server due to some of the more esoteric RFCs that it implemented. Well, today I want to discuss BIND. BIND supports the following TXT records in the CHAOS class:
Whilst version.bind is often masked by system administrators, the others may not be. Moreover, they may disclose some interesting information about the target DNS server. For example, try dig @a.root-servers.net hostname.bind. chaos txt and see which multicast DNS server responds, or dig @ns1.ca.nth-dimension.org.uk hostname.bind. chaos txt, which discloses my primary DNS server's internal hostname. Likewise, try dig @ns1.ca.nth-dimension.org.uk authors.bind. chaos txt and receive a list of the credited authors of BIND. This is not RFC-compliant behaviour. DNS-based information disclosure is fun...
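To check what your own name servers give away through these records, the same CHAOS TXT queries can be built and parsed without dig. The following is an added example, not code from the original post; the function names, the query ID and the audit() helper are assumptions made for illustration.

```python
import socket
import struct

CH, TXT = 3, 16  # DNS class CHAOS and record type TXT
NAMES = ("version.bind", "hostname.bind", "authors.bind")  # names from the post

def build_query(name, qid=0x1234):
    """Wire-format DNS query for <name> CH TXT (recursion not requested)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_txt(msg):
    """Return (rcode, [TXT strings]) from the answer section of a response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        end = off + rdlen
        while rtype == TXT and off < end:  # RDATA is length-prefixed strings
            n = msg[off]
            out.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        off = end
    return flags & 0xF, out

def audit(server, timeout=3.0):
    """Query a server you operate; map each name to the strings it discloses."""
    found = {}
    for name in NAMES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, 53))
            try:
                found[name] = parse_txt(s.recv(4096))[1]
            except OSError:  # timeout or ICMP error: nothing disclosed over UDP
                found[name] = []
    return found
```

An empty list for every name means the server returned nothing for these records; in BIND's named.conf, the version and hostname options control what the first two names return.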