Author Topic: DNS leaks private addresses for domains  (Read 1397 times)

airtonix

« on: March 10, 2013, 07:39:20 am »
Network
1. configure eth0 as external PPPoE.
2. configure eth1 as internal: 10.0.0.1
3. witness eth0 having a public IP of something like : 203.222.111.001

DNS
1. install and enable dns module
2. dns > domains : [+Add New]
3. provide domain name (example.com), save changes
4. dns > domains > [example.com > Domain IP Addresses]
5. witness it having two IP addresses : 10.0.0.1 and 203.222.111.001

DNS Registrar
1. bind your zentyal dns server to ns1.example.com ns*.example.com

Android Phone
1. disable wifi connection to local network, enable mobile data (3g, etc)
2. install network tools
3. swipe to DNS Dig pane
4. query example.com
5. witness external client is given private address of server


$ host example.com
example.com has address 203.222.111.001
example.com has address 10.0.0.1
example.com has IPv6 address ::1
example.com mail is handled by 10 ns.example.com.



Expected Results:

Query results should only contain private address results for internal queries (via eth1 or localnet)
« Last Edit: March 10, 2013, 07:41:16 am by airtonix »
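
A check for the leak described in the post above, as an added example that is not part of the original post: it parses `host` output captured from an outside network and flags every answer that is not globally routable. The function names are hypothetical, the sample is the post's output reused as constructed input, and zero-padded octets such as `001` are assumed to be decimal.

```python
import ipaddress
import re

# Constructed sample: the `host` output from the post, as seen by an outside client.
SAMPLE_HOST_OUTPUT = """\
example.com has address 203.222.111.001
example.com has address 10.0.0.1
example.com has IPv6 address ::1
example.com mail is handled by 10 ns.example.com.
"""
ADDRESS_LINE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def parse_address(text):
    """Parse an address; tolerate zero-padded IPv4 octets such as '001'."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        # Assumption: padded octets are decimal, as written in the post.
        octets = text.split(".")
        if len(octets) != 4 or not all(o.isdigit() for o in octets):
            raise
        return ipaddress.ip_address(".".join(str(int(o)) for o in octets))


def find_leaked_addresses(host_output):
    """Return (name, address, reason) for every answer that is not public."""
    leaks = []
    for line in host_output.splitlines():
        match = ADDRESS_LINE.match(line.strip())
        if not match:
            continue  # MX and other record lines carry no address
        name, addr = match.group(1), parse_address(match.group(2))
        if addr.is_global:
            continue  # publicly routable answer, expected from outside
        if addr.is_loopback:
            reason = "loopback"
        elif addr.is_private:
            reason = "private"
        else:
            reason = "not globally routable"
        leaks.append((name, str(addr), reason))
    return leaks


if __name__ == "__main__":
    for name, addr, reason in find_leaked_addresses(SAMPLE_HOST_OUTPUT):
        print(f"LEAK {name} -> {addr} ({reason})")
```

Run against answers collected from outside the LAN, an empty result is the behaviour the post lists under Expected Results.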