Debian: New PowerDNS packages reduce DNS spoofing risk
LinuxSecurity.com: Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead.
Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused:
Regards,
ptrfw (1 Reply)
REC_CONTROL(1) [FIXME: manual] REC_CONTROL(1)NAME
rec_control - control pdns_recursor
SYNOPSIS
rec_control [--help] [--socket-dir] [--socket-pid] command ..
DESCRIPTION rec_control(1) allows the operator to control a running instance of the pdns_recursor.
The commands that can be passed to the recursor are described on http://doc.powerdns.com/rec-control.html
EXAMPLES
To stop the recursor by hand, run:
# rec_control quit
To dump the cache to disk, execute:
# rec_control dump-cache /tmp/the-cache
OPTIONS --help
provide this helpful message
--socket-dir
Where the controlsocket will live
--socket-pid
When running in SMP mode, pid of pdns_recursor to control
--timeout
Number of seconds to wait for the remote PowerDNS Recursor to respond. Set to 0 for infinite.
COMMANDS
dump-cache filename
Dumps the entire cache to the filename mentioned. This file should not exist already, PowerDNS will refuse to overwrite it. While
dumping, the recursor will not answer questions.
get statistic
Retrieve a statistic. For items that can be queried, see http://doc.powerdns.com/recursor-stats.html
get-all
Retrieve all known statistics.
ping
Check if server is alive.
quit
Request shutdown of the recursor
reload-zones
Reload authoritative and forward zones. Retains current configuration in case of errors.
top-remotes
Shows the top-20 most active remote hosts. Statistics are over the last remotes-ringbuffer-entries queries, which defaults to 0.
wipe-cache domain0 [domain1]
Wipe entries from the cache. This is useful if, for example, an important server has a new IP address, but the TTL has not yet expired.
Multiple domain names can be passed. Note that you must terminate a domain with a .! So to wipe powerdns.org, issue rec_control
wipe-cache powerdns.org.. Versions beyond 3.1 don't need the trailing dot. Consider not only wiping www.domain.com. but also
domain.com., as the cached nameservers or target of CNAME may continue to be undesired.
BUGS
None known. File new ones at http://wiki.powerdns.com.
AUTHOR
Written by PowerDNS.COM BV, bert hubert, <bert.hubert@netherlabs.nl[1]>
RESOURCES
Website: http://wiki.powerdns.com, http://www.powerdns.com
SEE ALSO pdns_recursor(1)COPYING
Copyright (C) 2006 PowerDNS.COM BV. Free use of this software is granted under the terms of the GNU General Public License (GPL) version 2.
NOTES
1. bert.hubert@netherlabs.nl
mailto:bert.hubert@netherlabs.nl
[FIXME: source] 08/30/2010 REC_CONTROL(1)