Re: DNS Spoofing

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Zeno <louey-3@xxxxxxxxxx> wrote:
> You mean the http request to the destination web server timed
> out......
>
> And then when you request the page again it sends the http request and
> makes a successful connection to the destination web server hence the
> page loads...
>
> Is that correct?

Yes, This only means the browser got an IP address from DNS, and it is
unable to load the web site from that IP address.
This can also be caused by a firewall that does not support EDNS packets
(UDP Packets of more than 512 bytes) Since the packets are blocked, nothing
is cached on the DNS server, and your DNS will retry the query with TCP.

Another problem is caused by an MTU problem, which also shows up in the
browser as a DNS error. MTU problems can usually be found by pinging the web
site with a set packet size.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


.

Relevant Pages

  • Re: Cant Resolve Certain internet DNS names
    ... Our firewall was already using 1500 MTU, but the Checkpoint SmartDefense ... Why are some websites using non-RFC compliant packets for DNS? ... > DNS server, but this reduces DNS efficiency because queries that won't fit ...
    (microsoft.public.windows.server.dns)
  • Re: DNS Fixup/Inspect Pix/ASA 7.0 or greater breaking email
    ... emails being sent to AOL and Comcast plus a few other mom and pops to hang ... I have that there is no way that a DNS inspect command could cause only ... long responses have the response dropped, ... 1500 byte packets these days, that they can just send back longer ...
    (comp.dcom.sys.cisco)
  • A paper by Amit Klein (Trusteer): "OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vu
    ... DNS transaction ID (OpenBSD ported BIND 9 into their code tree, ... fragmentation ID normalization feature (e.g. "scrub out random- ... packets and raw IP packets. ...
    (Bugtraq)
  • Re: IP Tables DNS issues
    ... >I'm having problem with my IP tables allowing DNS queries, ... ># Log packets with impossible source addresses ... There is significant discussion of the merits of DROP verses DENY ... (send RESET or ICMP Type 3). ...
    (comp.security.firewalls)
  • RE: Firewall Rule Set not allowing access to DNS servers?
    ... I changed the DNS rules as you suggested, and the firewall works perfectly - ... > # Allow out access to my ISP's Domain name server. ... > so your udp packets never match this rule and default to ...
    (freebsd-questions)