Isn't there an error in the serial (one small zero too many)? *20090422001*

http://www.ietf.org/rfc/rfc1912.txt  (page3)

2.2 SOA records

  In the SOA record of every zone, remember to fill in the e-mail
  address that will get to the person who maintains the DNS at your
  site (commonly referred to as "hostmaster").  The `@' in the e-mail
  must be replaced by a `.' first.  Do not try to put an `@' sign in
  this address.  If the local part of the address already contains a
  `.' (e.g., john.sm...@widget.xx), then you need to quote the `.' by
  preceding it with `\' character.  (e.g., to become
  John\.Smith.widget.xx) Alternately (and preferred), you can just use
  the generic name `hostmaster', and use a mail alias to redirect it to
  the appropriate persons.  There exists software which uses this field
  to automatically generate the e-mail address for the zone contact.
  This software will break if this field is improperly formatted.  It
  is imperative that this address get to one or more real persons,
  because it is often used for everything from reporting bad DNS data
  to reporting security incidents.

  Even though some BIND versions allow you to use a decimal in a serial
  number, don't.  A decimal serial number is converted to an unsigned
  32-bit integer internally anyway.  The formula for a n.m serial
  number is n*10^(3+int(0.9+log10(m))) + m which translates to
  something rather unexpected.  For example it's routinely possible
  with a decimal serial number (perhaps automatically generated by
  SCCS) to be incremented such that it is numerically larger, but after
  the above conversion yield a serial number which is LOWER than
  before.  Decimal serial numbers have been officially deprecated in
  recent BIND versions.  The recommended syntax is *YYYYMMDDnn*
  (YYYY=year, MM=month, DD=day, nn=revision number.  This won't
  overflow until the year 4294.



Johan Dindaine wrote:
Hello list,

I am writing because I would like some explanations about my DNS server.

I have a domain whose zone SOA is
$TTL 86400 ; Default TTL
toto.com. IN SOA saturn.toto. jojolapin972.gmail.com. (
                                *20090422001*      ; serial
                                10800   ; Refresh period
                                3600    ; Retry interval
                                1D      ; Expire time
                                10800   ; Negative caching TTL
                        )

On my return from vacation, I learned that one of the records is no longer being updated on the slave servers, even though the serial number was incremented normally. So, to test, I went to a server outside this network and ran a dig, with the following result:
$ dig SOA cosmics.com

;; QUESTION SECTION:
;toto.com.                   IN      SOA

;; ANSWER SECTION:
toto.com. 86118 IN SOA saturn.toto.com. jojolapin972.gmail.com. 2910552817 10800 3600 86400 10800

;; AUTHORITY SECTION:
cosmics.com. 86118 IN NS saturn.toto.com.

The serial number has become '2910552817'. How is this possible?
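
The arithmetic behind the question, as an added example that is not part of the thread: the SOA serial is an unsigned 32-bit field, and the 11-digit value from the zone file reduced modulo 2^32 is exactly the number dig returned. The function names are hypothetical, the wrap-instead-of-reject behaviour is an assumption that matches the quoted dig output, and the "fixed" serial is a constructed value used to show how RFC 1982 comparison treats a corrected serial.

```python
"""Why an 11-digit SOA serial shows up as a different number in dig."""
import re

MOD = 2 ** 32    # the SOA serial is an unsigned 32-bit field
HALF = 2 ** 31   # RFC 1982 comparison window


def wire_serial(text: str) -> int:
    """Value that ends up in the SOA record if the server wraps an oversized
    serial instead of rejecting it (assumption; matches the thread's dig)."""
    return int(text) % MOD


def serial_newer(primary: int, secondary: int) -> bool:
    """RFC 1982 serial arithmetic: True if a secondary holding `secondary`
    should treat `primary` as newer and transfer the zone."""
    return 0 < (primary - secondary) % MOD < HALF


def lint_serial(text: str) -> list[str]:
    """Return the problems found in a serial as written in a zone file."""
    if not re.fullmatch(r"[0-9]+", text):
        return ["serial is not a plain non-negative integer"]
    problems = []
    if int(text) >= MOD:
        problems.append(f"exceeds 32 bits, wraps to {wire_serial(text)}")
    yyyymmddnn = r"[0-9]{4}(0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])[0-9]{2}"
    if not re.fullmatch(yyyymmddnn, text):
        problems.append("not in YYYYMMDDnn form")
    return problems


if __name__ == "__main__":
    written = "20090422001"   # serial from the zone file in the thread
    print(written, "->", wire_serial(written), lint_serial(written))

    # Constructed follow-up: dropping the extra zero gives a valid serial,
    # but a secondary that already holds the wrapped value sees it as older.
    fixed = "2009042201"
    print("problems with fixed serial:", lint_serial(fixed))
    print("secondary would transfer:",
          serial_newer(int(fixed), wire_serial(written)))
```

Running the linter over every zone file before reloading the server catches an oversized serial before secondaries ever see the wrapped value.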

