injecting a temp entry into dns cache

Vernon Schryver vjs at rhyolite.com
Sun Feb 3 01:26:54 UTC 2013


> > There is a credit union website that our users access from work and
> > their dns has been broken for the past few days where the www. version

> From: Jeff Reasoner <jeff.reasoner at mail.hccanet.org>

> I elected to add the zone in named.conf and answer the query correctly
> (and authoritatively) until I could get the owner to correct things. You
> will probably need to add other zone records too - MX and any other A
> records you can think to search for.

> Personally, I wouldn't consider doing something like that in this
> situation as you've described. ...

On my own computers and for my own business, I add temporary lines
to /etc/hosts every few months to deal with such problems.  However,
hacking a financial institution by publishing false DNS data to
third parties (including employees) would promise too much excitement
and too little profit for my tastes, especially after talking about
the crime in public.  I doubt that I could convince a court of
technical facts or that I was doing the credit union a favor.  The
credit union would probably convince the authorities (including the
newly sprouting bureaucracy run by the same people who are in charge
of the TSA) that I was responsible for the whole mess from the
beginning.

Besides, do you really want to help drive business to that kind of
financial institution?  If its trivial records like DNS are a persistent
mess, what about the complicated banking records required by law?

If it were competent, the credit union would be using DNSSEC, which
makes a local DNS zone useless.


Vernon Schryver    vjs at rhyolite.com


