Reg : DNS Cache poisoning

Sudheer Bysani sudheer.bysani at
Tue Sep 18 22:38:01 UTC 2007

I'm in the process of developing a lab for Security Education 
( and require some help on 
conducting DNS Cache Poisoning attacks.

Pharming Guide ( 
explains DNS Cache poisoning attack, where in the attacker name server 
includes the additional (faked) resolution records (of other websites) 
apart from what its actually asked for.

I'm wondering how exactly to do this. I know this issue has been fixed 
in Bind 9. I was trying the same in 8.4.6, but still unsuccessful.

This is my SOA for the same:

@ IN SOA (
        ) IN NS IN NS ** IN MX 10

ns1 IN A
* IN A*

Now, if I try to dig, it shows as one of 
the name servers, but it actually resolves the IP address of if it actually exists.

How do I make the bind resolve to the IP address I 
mention ?

Is it actually possible to send fake resolution records for the domain 
which the name server doesn't represent ?

Any help is appreciated.


More information about the bind-users mailing list