Thursday, 14 December 2006

Old DNS stuff

Today I was trying to test honeysnap (which, by the way, it is a very useful tool) with some DNS data in a pcap file and wanted to test some HINFO and TXT DNS records. But the problem I came across is that it is very rare to find any HINFO record nowadays in the Internet!!!

According to the RFC, HINFO is supposed to be the record for describing the hardware where the DNS server (ISC bind usually) is running on. Almost every security paper and/or manual I can remember say that "you must delete your HINFO record in order not to give strategic information to your attackers" Ouch!!!! Come on, if you do not want to say your real hardware, at least say something funny, like "This is running an illegal version of Windows" or better, "The DNS server hardware is something that came from the outer space"...

Anyway, after looking desperatly for any DNS server with any HINFO I found one in Canada. The domain (The University of Western Ontario) has a HINFO record, that is "Sun Ultra Enterprise 2 Solaris 2.6". Pretty clasic, isn't it?

1 comment:

kresp0 said...

Real example:

host -t HINFO host information "Casio" "Calculator"