[Pdns-users] pdns_recursors trusts additional section where it better shouldn't

Thomas Mieslinger miesi at india.com
Fri Feb 17 13:15:52 UTC 2017

On 17.02.17 13:56, Brian Candler wrote:
> On 17/02/2017 12:53, Thomas Mieslinger wrote:
>> With crafted glue in the tld zone and mailrelays using pdns_recursor
>> you could redirect mail traffic.
> If you have the ability to craft glue in the tld zone, surely you could
> also just change the delegation outright??

No, the idea is to create a new domain with malicious glue and then send 
emails over the MXes to infiltrate. The MXes will do lookups, which 
trigger the pdns_recursor cache poisoning.

My employer's customers called in because they couldn't send emails to 
OVH MXes. If the broken domains had been malicious and the glue IPs 
had port 25 open, the MXes would have delivered the emails to them.

So do registries accept something like "mx00.t-online.de A" as a host object for an NS of a domain?

In the case of .com/.net I have the feeling they accept all kinds of 
bullshit (see first mail of this thread).
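
Added example, not part of the original message and not PowerDNS code: a resolver-side bailiwick check that discards the kind of glue described above instead of caching it. The domain example-new.com, the addresses and all function names are constructed for illustration, and it assumes the classic rule that additional records are trusted only for names under the zone the answering server is authoritative for.

```python
# Added example: resolver-side bailiwick filter for referral glue.
# Function names and sample data are hypothetical / constructed.

def norm(name):
    """Canonical form for comparison: lower case, no trailing dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is at or below zone (the root zone covers everything)."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_glue(server_zone, ns_names, additional):
    """Split additional-section records into (accepted, rejected).

    A record is accepted only if it is an address record, its owner is one
    of the NS targets in the referral, and the owner lies inside the zone
    the answering server is authoritative for. Rejected names have to be
    resolved independently, starting from the root.
    """
    targets = {norm(n) for n in ns_names}
    accepted, rejected = [], []
    for owner, rtype, rdata in additional:
        ok = (rtype in ("A", "AAAA")
              and norm(owner) in targets
              and in_bailiwick(owner, server_zone))
        (accepted if ok else rejected).append((owner, rtype, rdata))
    return accepted, rejected

# Constructed referral, as if returned by the com servers for the made-up
# domain example-new.com. 192.0.2.0/24 is a documentation range.
REFERRAL_NS = ["mx00.t-online.de.", "ns1.example-new.com."]
REFERRAL_ADDITIONAL = [
    ("mx00.t-online.de.", "A", "192.0.2.25"),      # out of bailiwick for com
    ("ns1.example-new.com.", "A", "192.0.2.53"),   # in bailiwick for com
]

def demo():
    return filter_glue("com.", REFERRAL_NS, REFERRAL_ADDITIONAL)

if __name__ == "__main__":
    kept, dropped = demo()
    print("cache:", kept)
    print("discard and resolve separately:", dropped)
```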