domain attacks

Lem0nHead

hello

that's a problem that can happen when users are allowed to change their domain addresses:
1) you have 127.0.0.1 as a nameserver
2) user adds domain directadmin.com (or whatever domain is used to get updates from)
3) he puts the right files in his homedir
4) I try to update DirectAdmin and, instead, will get the files he prepared... and it can be a trojan/rootkit of course

it can happen with FreeBSD updates too

so I'd like to know:
1) Is it possible to not let users change their domain names?
2) Is it possible to alert the admin on domain changes?

(in case the last one isn't possible yet, is there a log file with that info so I can make a script to monitor it?)
 
the best solution is to not use 127.0.0.1 as a nameserver, but if you insist on it then the only way around it I see is adding directadmin.com yourself beforehand.
 
For security you should NEVER use the same nameserver for both authoritative and caching DNS resolution.

Most of us do, as a shortcut, but if you're worried, then use only external nameservers for caching DNS resolution.

(We're guilty of this shortcut ourselves but we expect to install an external DNS caching-only server within a month.)

Jeff
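
A monitoring check for the situation discussed in this thread, added here as an example and not written by any poster or by DirectAdmin: it reads a BIND-style named.conf and reports every watched update hostname that a locally hosted zone would answer for. The sample config, the `updates.example.org` hostname and all function names are constructed for illustration; it assumes simple zone blocks with `type` before any nested `{ }` option.

```python
import re

# Constructed sample of a named.conf on a shared host (not from the thread).
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; };
zone "." { type hint; file "named.ca"; };
zone "customer-site.example" { type master; file "/var/named/customer-site.example.db"; };
zone "DirectAdmin.com." { type master; file "/var/named/directadmin.com.db"; };
// zone "example.org" { type master; file "/var/named/commented.db"; };
zone "example.org" IN { type slave; file "slaves/example.org.db"; };
'''

# Hosts this server fetches updates from; the second one is a placeholder.
WATCHED_HOSTS = ["directadmin.com", "updates.example.org"]

# Assumption: "type" appears before any nested { } block inside the zone.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{([^}]*)\}', re.I)
TYPE_RE = re.compile(r'\btype\s+(\w+)\s*;', re.I)
AUTHORITATIVE = {"master", "primary", "slave", "secondary"}

def norm(name):
    return name.strip().rstrip(".").lower()

def local_zones(conf_text):
    """Return {zone: type} for zones this server answers authoritatively."""
    text = re.sub(r'/\*.*?\*/', '', conf_text, flags=re.S)  # block comments
    text = re.sub(r'(//|#)[^\n]*', '', text)                # line comments
    zones = {}
    for name, body in ZONE_RE.findall(text):
        m = TYPE_RE.search(body)
        if m and m.group(1).lower() in AUTHORITATIVE:
            zones[norm(name)] = m.group(1).lower()
    return zones

def shadowed_hosts(conf_text, watched):
    """Map each watched host to the local zone that would answer for it."""
    zones = local_zones(conf_text)
    hits = {}
    for host in map(norm, watched):
        labels = host.split(".")
        # The host itself, then each parent domain, most specific first.
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in zones:
                hits[host] = candidate
                break
    return hits

if __name__ == "__main__":
    print(shadowed_hosts(SAMPLE_NAMED_CONF, WATCHED_HOSTS))
```

A hit is expected if the admin pre-added the zone as the first reply suggests; in that case compare the reported zone file against the one the admin created.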
 