Last updated at Wed, 26 Jul 2017 16:32:54 GMT
After seeing the SBC/ATT server for Austin get poisoned, serve up advertisements, and eventually get taken offline, I decided to add a module to compare DNS results between two servers. In the following example, the ".gov" TLD has been poisoned with the bailiwicked_domain Metasploit module:
msf > use auxiliary/spoof/dns/compare_results
msf auxiliary(compare_results) > set BASEDNS 220.127.116.11
BASEDNS => 18.104.22.168
msf auxiliary(compare_results) > set TARGDNS poisoned.server
TARDNS => poisoned.server
msf auxiliary(compare_results) > set NAMES www.fbi.gov
NAMES => www.fbi.gov
msf auxiliary(compare_results) > run
[*] Comparing results between 22.214.171.124 and poisoned.server...
[*] Querying servers for www.fbi.gov...
[*] Analyzing results for 1 entries...
[*] - www.fbi.gov A 126.96.36.199
[*] - www.fbi.gov A 188.8.131.52
[*] - www.fbi.gov CNAME a33.g.akamai.net
[*] - www.fbi.gov CNAME fbi.edgesuite.net
[*] www.fbi.gov A 184.108.40.206
[*] Auxiliary module execution completed
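The same comparison as a standalone check, written here as an added example with Ruby's standard `resolv` library; it is not the Metasploit module's code. The function names, the `:match`/`:review`/`:mismatch` verdicts, and the sample records are assumptions constructed for illustration. It goes one step past a plain diff by separating names whose CNAME chain agrees but whose addresses differ (common with CDN-hosted names like the Akamai-backed one above) from names whose answers diverge outright.

```ruby
require 'resolv'

# Record types to compare, mapped to Ruby's stdlib Resolv classes.
RTYPES = { 'A' => Resolv::DNS::Resource::IN::A,
           'CNAME' => Resolv::DNS::Resource::IN::CNAME }.freeze

# Ask one resolver directly; returns [[name, type, value], ...].
def fetch_records(server, name)
  Resolv::DNS.open(nameserver: [server]) do |dns|
    dns.timeouts = 3
    RTYPES.flat_map do |type, klass|
      dns.getresources(name, klass).map do |rr|
        [name.downcase, type, (type == 'A' ? rr.address : rr.name).to_s.downcase]
      end
    end
  end
end

# Diff two record lists per name and classify the difference.
def compare_records(base, target)
  base, target = base.uniq, target.uniq
  cnames = ->(rs) { rs.select { |r| r[1] == 'CNAME' }.map(&:last).sort }
  (base + target).map(&:first).uniq.sort.map do |name|
    b = base.select { |r| r[0] == name }
    t = target.select { |r| r[0] == name }
    verdict =
      if (b - t).empty? && (t - b).empty? then :match
      # Same CNAME chain, different addresses: typical of CDN load balancing.
      elsif !cnames.(b).empty? && cnames.(b) == cnames.(t) then :review
      else :mismatch
      end
    { name: name, only_base: (b - t).sort, only_target: (t - b).sort, verdict: verdict }
  end
end

# Constructed sample answers (documentation address ranges, made-up names).
SAMPLE_BASE = [
  ['www.example.com', 'CNAME', 'cdn.example.net'], ['www.example.com', 'A', '192.0.2.10'],
  ['portal.example.com', 'CNAME', 'cdn.example.net'], ['portal.example.com', 'A', '192.0.2.10'],
  ['mail.example.com', 'A', '198.51.100.25']
].freeze
SAMPLE_TARGET = [
  ['www.example.com', 'CNAME', 'cdn.example.net'], ['www.example.com', 'A', '192.0.2.20'],
  ['portal.example.com', 'A', '203.0.113.66'],
  ['mail.example.com', 'A', '198.51.100.25']
].freeze

if __FILE__ == $PROGRAM_NAME
  compare_records(SAMPLE_BASE, SAMPLE_TARGET).each do |r|
    puts format('%-20s %-9s base-only=%p target-only=%p', r[:name], r[:verdict], r[:only_base], r[:only_target])
  end
end
```

For a live check, pass `fetch_records(base_ip, name)` and `fetch_records(target_ip, name)` to `compare_records`, using a resolver you trust as the base.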