ietf
[Top] [All Lists]

Re: DNS pollution

2006-10-11 23:44:09
On Wed, 11 Oct 2006, Keith Moore wrote:

In the past month or so I've run across two separate ISPs that are
apparently polluting the DNS by returning A records in cases where the
authoritative server would either return NXDOMAIN or no answers.  The A
records generally point to an HTTP server that will display
advertisements, but I've also seen more sinister things happen.

Is there anything that IETF as an organization, or IETF participants,
can do to discourage this?  To me this is fraud and unfair trade
practice in addition to being a security threat (as people give their
passwords when trying to connect to the wrong site) and harmful to
applications (either because they do connect to a protocol engine on the
wrong server, or they try to connect to a nonexistent protocol engine on
the wrong server and treat the "connection refused" or "connection timed
out" condition as a temporary error).  I've also seen this break
applications that speak both IPv4 and IPv6 by failing to return the AAAA
records.

I agree.  For me personally, this was not hypothetical.  The Pine mail
user agent that I use began to intermittently fail to connect to the
IMAP server even when there was no evidence of problems with network
connectivity.  The problem turned out to be DNS fraud.

I use ssh to connect over DSL service from Earthlink, and port
forwarding to get to the IMAP server.  That means Pine needs to
connect to 127.0.0.1 on the forwarded port number.  I don't know why,
but Pine does a DNS lookup on 127.0.0.1.  My problems arose when the
Earthink DNS servers began returning A records for a host that, if
accessed via http, provides a "helpful" message that the web site
address I had entered could not be found.  The DNS exchange, as
displayed by ethereal:

DNS  Standard query A 127.0.0.1
DNS  Standard query response A 209.86.66.92 A 209.86.66.93 A 209.86.66.94 A 
209.86.66.95 A 209.86.66.90 A 209.86.66.91

This caused Pine to attempt an IMAP connection directly to that host
rather than connecting to my intended IMAP server through the ssh port
forwarding.

Why the behavior was intermittent I have no idea, but the problem was
baffling.  I was able to figure out the answer because I am able to
run tcpdump and interpret the results.  Someone with less knowledge
would just have to suffer.

                                                        -- Steve

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>