From: salo (salo Xtrmntr.org)
Date: Mon Aug 20 2001 - 22:33:24 CDT
hi there,
On Mon, Aug 20, 2001 at 08:24:14PM +0400, Mitino-PTT support wrote:
> i think first operating system looks hosts file and then (if not true) makes
> a dns query
in fact this is not true (i do not know how it works in windows). this is only
default configuration on dns-resolver-based-lookups hosts. magical place where
it is all configured is /etc/nsswitch.conf, directive "hosts".
typically it looks as follows:

    hosts: files dns

this will cause internal resolver to look into /etc/hosts first and only if
nothing appropriate is found there ask first external resolver defined in
/etc/resolv.conf
so if you want to skip /etc/hosts, simply change that line to:

    hosts: dns

and your host will always ask external resolver for dns lookups. there are
other possibilities like ask nis resolver, etc. -> man nsswitch.conf in your
favorite UNIX-like OS
> its not a bug or vulnerability
> it is feature (which came from ancient times when there was no domain name
> system on the Earth)
/etc/hosts is especially usable in small LANs without external resolver/dns
server configured, etc.
> i think it is not a topic for this list
sure. this is topic for "fundamentals of [insert your favorite OS here]"
and "newbie to dns".
> >C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
> >
> >C:\WINDOWS>ping www.hotmail.com
> >
> >Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
> >
> >Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
> >
> >Ping statistics for 192.168.1.2:
> > Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> >Approximate round trip times in milli-seconds:
> > Minimum = 38ms, Maximum = 38ms, Average = 38ms
> >Control-C
> >
> >
> >Tested the same thing under linux too... no surprises really I spose just
> >something to ponder...
what about placing:

    zone "." {
        type master;
        file "surprise";
    };

into your 'named.conf' and then put:

    * IN A 127.0.0.1

into 'surprise' and starting bind? you have whole internet on your desk!
great, isn't it? no, it is not. please read some documents describing how dns
resolving and OS you are using work and get a clue about it.
thank you
-- 
salo <saloXtrmntr.org>         ASCII Ribbon campaign against  /"\
<salo silcnet.org>             e-mail in gratuitous HTML and  \ /
                               Microsoft proprietary formats   X
http://Xtrmntr.org/salo.pgp                                   / \
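
Added example, not part of the original message: a small audit that reads the "hosts" directive of nsswitch.conf and lists hosts-file entries that are answered ahead of DNS, as in the quoted www.hotmail.com test. The sample file contents and the `local_suffixes` allowlist are constructed assumptions.

```python
import re

# Constructed sample inputs for illustration (not taken from a real host).
SAMPLE_NSSWITCH = """\
passwd: files
hosts:  files mdns4_minimal [NOTFOUND=return] dns
"""
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.1.2 www.hotmail.com   # same override as in the quoted test
10.0.0.5    fileserver fileserver.lan
"""

def hosts_sources(nsswitch_text):
    """Return the sources of the 'hosts' database in lookup order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop [STATUS=action] items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def hosts_entries(hosts_text):
    """Yield (name, address) for every name mapped in a hosts file."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield name.lower(), fields[0]

def overrides(nsswitch_text, hosts_text, local_suffixes=(".lan", ".local")):
    """List fully qualified hosts-file names that are answered before DNS.

    local_suffixes is an assumed allowlist of site-internal domains.
    """
    sources = hosts_sources(nsswitch_text)
    if "files" not in sources:
        return []  # e.g. "hosts: dns": the hosts file is never read
    if "dns" in sources and sources.index("dns") < sources.index("files"):
        return []  # DNS is asked first; the file only fills in names DNS lacks
    return [(name, addr) for name, addr in hosts_entries(hosts_text)
            if "." in name and not name.endswith(local_suffixes)]

if __name__ == "__main__":
    for name, addr in overrides(SAMPLE_NSSWITCH, SAMPLE_HOSTS):
        print(f"{name} is pinned to {addr} ahead of DNS")
```

To audit a live system, pass the contents of /etc/nsswitch.conf and /etc/hosts instead of the samples.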