dns fortify java-security

How does matching the host's forward and backward DNS entries in a Java application make it secure from DNS spoofing?


I am using Fortify, and it is showing a vulnerability by which an attacker can do DNS spoofing while I am trying to get the hostname in a Java application. I have found one solution: it can be avoided by matching the forward DNS and reverse DNS entries. But I am not able to find out how this is useful or how I can implement it. Fortify shows the vulnerability at this line:

Link for line

Fortify is showing recommendations like this:

Recommendations:

You can increase confidence in a domain name lookup if you check to make sure that the host's forward and backward DNS entries match. Attackers will not be able to spoof both the forward and the reverse DNS entries without controlling the nameservers for the target domain. This is not a foolproof approach however: attackers may be able to convince the domain registrar to turn over the domain to a malicious nameserver. Basing authentication on DNS entries is simply a risky proposition.

Any help is appreciated, and other solutions are also welcome.

Thanks in advance.


Solution

  • I assume it's something like this:

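        import java.net.InetAddress;
        import java.util.Arrays;

        public class DnsCheck {
            public static void main(String[] args) throws Exception {
                final String hostname = "google.com";
                final String ipAddress = "123.123.123.123";
                // Reverse (PTR) lookup: IP address -> host name
                final InetAddress byIpAddress = InetAddress.getByName(ipAddress);
                boolean reverseCheck = byIpAddress.getHostName().equalsIgnoreCase(hostname);
                // Forward (A/AAAA) lookup: the host name must resolve back to that address
                final InetAddress[] byHostName = InetAddress.getAllByName(hostname);
                boolean forwardCheck = Arrays.asList(byHostName).contains(byIpAddress);
                if (reverseCheck && forwardCheck) {
                    // perform your logic
                }
            }
        }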
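An added example, not part of the original answer or of Fortify's guidance: a forward-confirmed reverse DNS check run against constructed records, showing why an address whose PTR record claims a trusted name is still rejected when the forward lookup does not list it. The `Resolver` interface, the class name and all records are assumptions made for illustration; a real implementation would back the interface with `InetAddress` lookups or a DNS library.

```java
import java.net.InetAddress;
import java.util.*;

public class FcrDnsDemo {
    /** Hypothetical resolver interface (not a JDK type) so the check runs on constructed records. */
    interface Resolver {
        Optional<String> reverse(InetAddress ip);   // PTR lookup
        Set<InetAddress> forward(String host);      // A/AAAA lookup
    }

    /** Returns the PTR name only when that name resolves forward to the same address. */
    static Optional<String> confirmedName(Resolver dns, InetAddress ip) {
        return dns.reverse(ip)
                  .map(FcrDnsDemo::normalize)
                  .filter(name -> dns.forward(name).contains(ip));
    }

    /** DNS names are case-insensitive and may carry a trailing root dot. */
    static String normalize(String host) {
        String h = host.toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    public static void main(String[] args) throws Exception {
        // Constructed records using documentation address ranges; IP literals trigger no DNS query.
        InetAddress real = InetAddress.getByName("192.0.2.10");
        InetAddress other = InetAddress.getByName("198.51.100.7");
        InetAddress noPtr = InetAddress.getByName("203.0.113.5");
        // Both reverse zones claim the same name; the forward zone lists only 192.0.2.10.
        Map<InetAddress, String> ptr = Map.of(real, "App.Example.com.", other, "app.example.com.");
        Map<String, Set<InetAddress>> a = Map.of("app.example.com", Set.of(real));
        Resolver dns = new Resolver() {
            public Optional<String> reverse(InetAddress ip) { return Optional.ofNullable(ptr.get(ip)); }
            public Set<InetAddress> forward(String host) { return a.getOrDefault(host, Set.of()); }
        };
        for (InetAddress ip : List.of(real, other, noPtr)) {
            String verdict = confirmedName(dns, ip)
                    .map(n -> "confirmed as " + n)
                    .orElse("unconfirmed, do not trust the name");
            System.out.println(ip.getHostAddress() + " -> " + verdict);
        }
    }
}
```

Only `192.0.2.10` is confirmed; `198.51.100.7` has a matching PTR record but fails the forward lookup, and `203.0.113.5` has no PTR record at all.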