James Kosin wrote:
If you are really paranoid (or about to do large transactions on what
you hope is your banking site), you could do a 'whois' lookup for the
target domain to find their own name servers and send a query directly
there for the target site.
The best approach would probably be a system to allow you to poll a few DNS
servers, and to take the returned IP address that comes back from the most
of them as the "correct" IP address!! But this isn't implemented anywhere as
far as I know....
dig @dns_server target_name
will send a query to a specified DNS resolver. Most public-facing
servers will only resolve the names of their own zones, especially
now. I think the current vulnerability only involves cached addresses
for which the server is not primary or secondary.
BUT, here is the really BAD news:
a) 99.9% of the internet is really a cached service. The only true DNS
entries are on the name servers that originated the DNS entry. This is
why when you put up a new domain they suggest waiting about 3-4 days for
the internet to propagate the DNS names. The information trickles down
the DNS servers until everyone has the corrected information or update.
The only real delay when adding something new is getting the registered
servers for a domain into the root servers. These should be the ones
listed in the whois lookup. There is a time-to-live associated with the
addresses, so existing names may linger with the wrong addresses, though.
b) If the DNS is corrupted you can't rely on the DNS resolver to be
pointing to the correct IP!! You could be digging on the phishing site
and they would be reporting false and bad information to you so they can
scam you of your passwords and/or money.
They'd have to spoof several things at once to keep it from being
obvious but you are right, the whois result will give names that you
have to look up somehow.
--
Les Mikesell
lesmikesell@xxxxxxxxx
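
The poll-and-compare idea discussed in this thread, as an added shell example that is not part of the original message: `poll` sends the same `dig` query to each server the caller names (public resolvers, or the domain's own name servers taken from whois), and `tally` reports whether the answers agree. The function names and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare what several DNS servers return for one name.
# Function names are hypothetical; no server addresses are built in.

# query_resolver SERVER NAME -> sorted, comma-joined A records ("" on failure)
query_resolver() {
    dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u | paste -sd, -
}

# poll NAME SERVER... -> one "server answer-set" line per server queried
poll() {
    name=$1; shift
    for server in "$@"; do
        printf '%s %s\n' "$server" "$(query_resolver "$server" "$name")"
    done
}

# tally: reads "server answer-set" lines on stdin and prints
# "<verdict> <answer-set> <votes>/<total>". A server that returned nothing
# still counts toward the total.
#   AGREE    every server returned the same set
#   MAJORITY more than half returned the same set
#   SPLIT    no set has a majority (answer-set printed as "-")
tally() {
    awk '
        { total++ }
        NF >= 2 { votes[$2]++ }
        END {
            best = "-"; n = 0
            for (s in votes) if (votes[s] > n) { n = votes[s]; best = s }
            if (total > 0 && n == total)  verdict = "AGREE"
            else if (2 * n > total)       verdict = "MAJORITY"
            else { verdict = "SPLIT"; best = "-" }
            printf "%s %s %d/%d\n", verdict, best, n, total
        }'
}

# Live use: poll NAME SERVER1 SERVER2 SERVER3 | tally
# Constructed sample lines (documentation addresses) so tally runs offline:
printf '%s\n' 'serverA 192.0.2.10' 'serverB 192.0.2.10' 'serverC 198.51.100.7' | tally
```

A SPLIT or MAJORITY result is a reason to look closer, not a verdict: names served from several locations can legitimately return different addresses to different resolvers.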