DNS Spoofing?

Discussion:

DNS Spoofing?

(too old to reply)

Christoph Gartmann

2007-05-31 14:29:47 UTC

Hello,

we have a WiFi access-point (Netgear WG102) which tries to get the date and
time via NTP from Netgear's servers. This is hardcoded in this box and cannot
be modified. But we run the access-point in a separate LAN with no access to
the Internet. Now we would like to do some "DNS spoofing" with our DNS under
Multinet 5.1A. The access-point sends a DNS query with the name of a
timeserver, then a NTP packet to the address received. Is it possible to tell
our DNS to answer with our local timeserver's address when queried for this
particular nameserver?

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: ***@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html

Michael Corbett

2007-05-31 14:59:34 UTC

Permalink

Post by Christoph Gartmann
Hello,
we have a WiFi access-point (Netgear WG102) which tries to get the date and
time via NTP from Netgear's servers. This is hardcoded in this box and cannot
be modified. But we run the access-point in a separate LAN with no access to
the Internet. Now we would like to do some "DNS spoofing" with our DNS under
Multinet 5.1A. The access-point sends a DNS query with the name of a
timeserver, then a NTP packet to the address received. Is it possible to tell
our DNS to answer with our local timeserver's address when queried for this
particular nameserver?

Yes, you could make it a master for the record. Add a zone statement
to the named.conf -

zone "ntp.netgear.com" in {
type master;
file "MULTINET:dns.netgear";
};

Create the multinet:dns.netgear -

@ 604800 IN SOA LOCALHOST. Postmaster.LOCALHOST. (
1 ; Serial
7200 ; refresh every 2 hours
3600 ; retry every hour
12096000 ; expire in twenty week
86400 ) ; minimum

604800 IN NS LOCALHOST.
IN A 10.3.16.2

Restart the nameserver and you should be able to resolve net.netgear.com
using the local nameserver.

$ mu nsl ntp.netgear.com
Server: LOCALHOST
Address: 127.0.0.1

Name: NTP.NETGEAR.COM
Address: 10.3.16.2

regards
Mike

--
+-------------------------------------------------------------------------+
Michael Corbett Email: ***@process.com
Process Software Phone: 800 722-7770 x369
959 Concord St. 508 879-6994 x369
Framingham MA 01701-4682 FAX: 508 879-0042

Ryan Moore

2007-05-31 15:15:42 UTC

Permalink

Yes, this should be possible. The general idea is to specify the zone of
the DNS name in your server and declare the server to be primary for that
zone. Then you can create a zone file which specifies any IP address you
want for the name you want.

It might be possible to create a zone specifically for that address, but I
haven't tried that before.

That is, if the name is "ntp.linksys.com":

Option 1. Make your name server primary for zone "linksys.com" and create
a zone file that contains whatever you want for "ntp.linksys.com". The
bad thing here is that the server won't be able to resolve any other
linksys.com addresses over the Internet.

Option 2. I'm not sure this will work. Make your nameserver primary for
the zone "ntp.linksys.com". Usually you would use this for sub-domain
hosts like "host.ntp.linksys.com". I'm not sure if you can create an A
record for a subdomain. I would think so. The advantage with this method
is that the rest of linksys.com would continue to work normally over the
Internet.