DNS is to the Internet what oxygen is to life: we use it constantly, yet we are unaware of its presence. DNS has come a long way since the Stanford Research Institute's Network Information Center (SRI-NIC) maintained a file called hosts.txt containing host-names and their corresponding IP addresses; today it is a complex network of databases called name-servers.
DNS was originally designed to make it easier for us to memorize names (host-names) rather than numbers (IP addresses). Gradually, many applications and protocols came to use host-names and IP addresses as a basis for authenticating a host. Thus DNS security came into being, since wrong information from a DNS server can cause a legitimate request from a legitimate client to be refused.
Let's see in what ways our DNS infrastructure is vulnerable.
Cache Poisoning
Think of a scenario where you request a website, xyz.com. If your local name-server is not the authoritative name-server for the domain, and the corresponding IP address is not already cached in your local name-server, it forwards the query to a remote name-server according to its resolver configuration. Cache poisoning occurs when DNS information for a domain that was not supplied by that domain's authoritative name-server, and is incorrect or malicious, ends up cached in a caching name-server.
Client Flooding
DNS uses the User Datagram Protocol (UDP) for responses smaller than 512 bytes. Since UDP is a connection-less protocol, a single DNS query can receive numerous responses from an attacker's name-servers, so the legitimate response may get lost among thousands of fake ones. The local name-server is thus flooded with fake DNS responses, resulting in corruption of its DNS entries.
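The defence against both of the previous two sections (poisoned cache entries and floods of forged replies) lives in the same place: the resolver's decision whether to accept a reply at all, and which records in it to trust. The following is an added example, not code from the original article, modelling that decision in Python. The Record, Response and PendingQuery types are simplified stand-ins for a parsed DNS message, and all names and addresses are constructed; a real resolver would additionally have to parse the wire format.

```python
import secrets
from dataclasses import dataclass

# Added example: a model of the "should I accept this reply?" decision in a
# caching resolver. Record, Response and PendingQuery are simplified stand-ins
# for a parsed DNS message (assumption: a real resolver parses wire format;
# only the acceptance checks are modelled here).

@dataclass
class Record:
    name: str
    rtype: str
    data: str

@dataclass
class Response:
    txid: int
    src_ip: str          # where the UDP datagram came from
    src_port: int        # the server's port (53 for a genuine answer)
    dst_port: int        # the port we sent the query from
    question: tuple      # (qname, qtype) echoed back by the server
    answers: list
    additional: list

@dataclass
class PendingQuery:
    txid: int
    server_ip: str
    local_port: int
    question: tuple

def normalize(name):
    """Lower-case a name and drop its trailing dot so comparisons are exact."""
    return name.rstrip(".").lower()

def new_query(server_ip, qname, qtype):
    """Issue a query with an unpredictable transaction ID and source port.
    Randomising both means a blind forger must match ~2^32 combinations to
    get past validate_response(), instead of the 2^16 transaction IDs alone."""
    txid = secrets.randbelow(1 << 16)
    local_port = 1024 + secrets.randbelow(65536 - 1024)
    return PendingQuery(txid, server_ip, local_port, (normalize(qname), qtype.upper()))

def in_bailiwick(record_name, zone):
    """True if record_name is zone itself or a subdomain of it (label boundary)."""
    r, z = normalize(record_name), normalize(zone)
    return r == z or r.endswith("." + z)

def validate_response(pending, resp, server_zone):
    """Return (accepted_records, reason).

    The first four checks discard replies that do not match the outstanding
    query, which is how a resolver survives a flood of forged answers. The
    bailiwick check then drops records the responding server has no authority
    over, so a reply cannot smuggle in an address for some other domain."""
    if resp.txid != pending.txid:
        return [], "txid mismatch"
    if resp.src_ip != pending.server_ip or resp.src_port != 53:
        return [], "unexpected source address or port"
    if resp.dst_port != pending.local_port:
        return [], "destination port mismatch"
    question = (normalize(resp.question[0]), resp.question[1].upper())
    if question != (normalize(pending.question[0]), pending.question[1].upper()):
        return [], "question section mismatch"
    accepted = [rec for rec in resp.answers + resp.additional
                if in_bailiwick(rec.name, server_zone)]
    return accepted, "ok"
```

Note that the bailiwick check is applied to the additional section as well as the answers: glue records are exactly where an out-of-zone address would otherwise slip into the cache.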
Information Disclosure Attacks
While they may seem harmless, DNS queries can be used to learn the host-names of systems or operating-system details. An intruder can use DNS tools to query the IP addresses in a range and find out which addresses are still unassigned, then spoof such an address and log in to your system.
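The reconnaissance described above leaves a trace in the name-server's own query log, and that is where a defender catches it. The script below is an added example, not part of the original article, that scans constructed log lines for three patterns: a client walking the reverse (in-addr.arpa) records of a whole /24, a zone transfer request from a host that is not a known secondary, and a query for the server's version string. The log format is a simplified "timestamp client qname qtype" layout I constructed for the example, not any server's real syntax, so LINE_RE would need adjusting for a real log.

```python
import re
from collections import defaultdict

# Added example: scanning a name-server's query log for reconnaissance patterns.
# The log lines below are constructed in a simplified "timestamp client qname qtype"
# form (assumption: not any server's exact query-log syntax; adjust LINE_RE to yours).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 1.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:01Z 203.0.113.5 2.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:01Z 203.0.113.5 3.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:02Z 203.0.113.5 4.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:02Z 203.0.113.5 5.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:03Z 198.51.100.9 www.example.com A
2024-05-01T10:00:03Z 198.51.100.9 10.2.0.192.in-addr.arpa PTR
2024-05-01T10:00:04Z 203.0.113.5 example.com AXFR
2024-05-01T10:00:05Z 203.0.113.5 version.bind TXT
2024-05-01T10:00:06Z 192.0.2.2 example.com AXFR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
ALLOWED_SECONDARIES = {"192.0.2.2"}   # hosts entitled to pull the whole zone
PTR_SWEEP_THRESHOLD = 5               # distinct addresses in one /24 from one client
FINGERPRINT_NAMES = {"version.bind", "hostname.bind"}

def ptr_to_ipv4(qname):
    """Turn a reverse name such as 5.2.0.192.in-addr.arpa into 192.0.2.5, or None."""
    suffix = ".in-addr.arpa"
    q = qname.rstrip(".").lower()
    if not q.endswith(suffix):
        return None
    labels = q[: -len(suffix)].split(".")
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None
    return ".".join(reversed(labels))

def analyze(log_text):
    """Return a list of (client, finding, detail) tuples."""
    findings = []
    ptr_targets = defaultdict(set)     # (client, /24 prefix) -> addresses looked up
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, qname, qtype = m.groups()
        qtype = qtype.upper()
        if qtype in ("AXFR", "IXFR") and client not in ALLOWED_SECONDARIES:
            findings.append((client, "zone transfer attempt", qname))
        elif qtype == "TXT" and qname.rstrip(".").lower() in FINGERPRINT_NAMES:
            findings.append((client, "server fingerprint query", qname))
        elif qtype == "PTR":
            ip = ptr_to_ipv4(qname)
            if ip:
                prefix = ip.rsplit(".", 1)[0]
                ptr_targets[(client, prefix)].add(ip)
    # A sweep only shows up once the whole log has been read.
    for (client, prefix), ips in ptr_targets.items():
        if len(ips) >= PTR_SWEEP_THRESHOLD:
            findings.append((client, "reverse lookup sweep",
                             f"{prefix}.0/24 ({len(ips)} addresses)"))
    return findings

if __name__ == "__main__":
    for client, finding, detail in analyze(SAMPLE_LOG):
        print(f"{client}: {finding} ({detail})")
```

On the sample, the single PTR lookup from 198.51.100.9 and the transfer from the listed secondary produce no finding; the three hits all belong to 203.0.113.5. The same sweep logic, with the threshold tuned, works for any client that enumerates a range rather than resolving names it was given.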
Vulnerability in sharing a name-server
Most hosting companies provide shared name-servers that many clients use for the domains they have registered. Imagine a rogue client entering a zone entry for the domain paypall.com pointing to IP address a.b.c.d in the shared name-server. Other clients using the same name-server as their primary name-server will be redirected to a.b.c.d when they try to access paypall.com.
Thus all these clients are redirected to a false website, which would be a phishing site.
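The mitigation for a shared name-server is a change-control check: a tenant may only add or edit records inside a zone that is registered to that tenant. The following added example (mine, not the article's, and not any hosting provider's real control plane) models that check in Python against a constructed registry of tenants and domains. The match is done on a label boundary so that a tenant owning example.com is not granted notexample.com, and the closest enclosing registered domain wins, so a sub-zone registered to one tenant is not overridden by a shorter parent owned by another.

```python
# Added example: a change-control check for a shared (multi-tenant) name-server.
# Assumption: the provider keeps a registry of which tenant registered which
# domain; tenant names and domains here are constructed.
TENANT_DOMAINS = {
    "tenant-a": {"example.com"},
    "tenant-b": {"example.net", "shop.example.org"},
}

def normalize(name):
    """Lower-case and strip the trailing dot so names compare exactly."""
    return name.rstrip(".").lower()

def is_within(name, domain):
    """True if name equals domain or is below it, matching on a label boundary
    so that notexample.com is not mistaken for a child of example.com."""
    return name == domain or name.endswith("." + domain)

def owner_of(zone_name):
    """Return the tenant owning the closest registered domain enclosing zone_name."""
    best = None
    for tenant, domains in TENANT_DOMAINS.items():
        for domain in domains:
            d = normalize(domain)
            if is_within(zone_name, d) and (best is None or len(d) > len(best[1])):
                best = (tenant, d)
    return best[0] if best else None

def authorize_zone_change(tenant, zone_name):
    """Decide whether `tenant` may create or edit records in `zone_name`.
    Returns (allowed, reason); a denial reason is suitable for an audit log."""
    z = normalize(zone_name)
    owner = owner_of(z)
    if owner is None:
        return False, f"{z} is not registered to any tenant on this server"
    if owner != tenant:
        return False, f"{z} belongs to {owner}"
    return True, "ok"
```

With this in place the rogue client's entry for paypall.com is refused because no tenant on the server has registered that domain, and the refusal is logged with the tenant name.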
DDoS on DNS
It is possible to send DNS requests to a name-server in such quantity that its normal service is crippled. Various scripts are available that spoof IP addresses and send thousands of fake DNS requests to a name-server. Legitimate requests, on the other hand, get a "DNS request timed out." message when they try to resolve a host-name.
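The standard counter-measure on the server side is response rate limiting: a token bucket per source prefix that, once exhausted, drops most responses and sends every so-often one as a truncated (TC=1) reply. A genuine client retries over TCP and gets its answer; a spoofed source cannot complete the TCP handshake, so the flood stops being amplified. The class below is an added example, mine rather than the article's or any name-server's actual RRL code. It assumes the server calls decide() once per incoming query with the source address and the current time.

```python
from ipaddress import ip_address, ip_network

# Added example: per-client response rate limiting (RRL) for a name-server,
# modelled as a token bucket per /24 source prefix. Assumption: the server calls
# decide() once per incoming query; this is illustrative code, not any
# particular server's RRL implementation.

class ResponseRateLimiter:
    def __init__(self, rate_per_sec=5.0, burst=10, slip=2):
        self.rate = rate_per_sec     # steady-state responses allowed per second
        self.burst = burst           # bucket capacity
        self.slip = slip             # every slip-th limited reply is sent truncated
        self.buckets = {}            # prefix -> (tokens, last_update_time)
        self.limited = {}            # prefix -> count of rate-limited queries

    @staticmethod
    def bucket_key(client_ip):
        """Group clients by /24 (IPv4) or /56 (IPv6): a spoofer can vary the low bits."""
        addr = ip_address(client_ip)
        bits = 24 if addr.version == 4 else 56
        return str(ip_network(f"{addr}/{bits}", strict=False))

    def decide(self, client_ip, now):
        """Return "ANSWER", "DROP" or "TRUNCATE" for a query arriving at time `now`.

        A truncated (TC=1) reply is tiny and tells a genuine client to retry
        over TCP, which it can complete; a spoofed source never can.
        Dropping the rest keeps the server from amplifying the flood."""
        key = self.bucket_key(client_ip)
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return "ANSWER"
        self.buckets[key] = (tokens, now)
        self.limited[key] = self.limited.get(key, 0) + 1
        if self.slip and self.limited[key] % self.slip == 0:
            return "TRUNCATE"
        return "DROP"
```

In a real deployment the limiter sits after the cache lookup so that it counts responses rather than raw packets, and the rate is set high enough that an ordinary recursive resolver behind NAT never trips it.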
This is the list of vulnerabilities in DNS. Many of them have been taken care of. Sometimes it is a sheer mistake by the DNS administrator that corrupts the whole DNS. There is a new kid on the block called DNSSEC (DNS Security); we will discuss it in the coming week.