Hello Thomas,
On 17 Feb 2017, at 14:15, Thomas Mieslinger wrote:
On 17.02.17 13:56, Brian Candler wrote:
On 17/02/2017 12:53, Thomas Mieslinger wrote:
With crafted glue in the tld zone and mailrelays using pdns_recursor
you could redirect mail traffic.
If you have the ability to craft glue in the tld zone, surely you
could
also just change the delegation outright??
No, the idea is to create a new domain with malicious glue and then
send emails over the MXes to infiltrate. The MXes will do lookups,
which trigger the pdns_recursor cache poisoning.
You are confused. This is impossible.
My employers customers called in because they couldn't send emails to
ovh MXes. If the broken domains would have been malicious and glue ips
with port 25 open, the MXes would have delivered the emails to them.
It would be very dumb of OVH to put malicious hosts in there. Why would
they do such a thing?
So do registries accept something like "mx00.t-online.de A
64.233.187.26" as hostobject for a NS of a domain?
No.
In the case of .com/.net I have the feeling they accept all kind of
bullshit (see first mail of this thread)
No, they don’t. Only ovh.net can make hosts under ovh.net.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
