MoinQ:

DNS/毒盛/taxonomyについて、ここに記述してください。

DNS/The Hitchhiker’s Guide to DNS Cache Poisoning より

7 Taxonomy of Cache Poisoning Attacks

Table 3. Taxonomy of cache poisoning attacks on BIND and Unbound (abc.com is the bailiwick zone).

7.1 Adding a new CNAME record
7.2 Adding a subdomain under an existing authority
7.3 Overwriting an existing A record
7.4 Overwriting an existing NS record
7.5 Creating fake domains
7.6 Hijacking a popular domain via a sub-authority

この分類で十分だろうか、よく考えよう。 -- ToshinoriMaeno 2014-04-10 22:54:39

Suppose the attacker poisons the authority section for l.google.com.
Once the A record for www.l.google.com expires,
the victim will ask an attacker-controlled server to resolve www.l.google.com,
giving him complete control over the mapping.

This attack is effective against both BIND
and Unbound because it targets the authority section of a zone or the IP address of
the zone’s authoritative server, not the records in the additional section.

Therefore, Unbound’s default policy does not prevent the attack.
Technically, this attack is modeled by the same rules and uses the same payloads as in Section 7.3 (respectively, 7.4).