It is inconvenient to remember the IP addresses of all servers connected to the Internet. So, we use the DNS or Domain Name System. We type the domain name in the address bar of the browser, and DNS does the rest of the job to get the IP address of the server. But the DNS is also vulnerable to attacks. Imagine what if your computer makes a DNS query and gets a wrong response that contains the IP address of an attacker’s server?
So, what are the security issues with DNS, and how can we address them? Let’s understand that in more detail.
What are the security issues with DNS?
Research shows that there are mainly two types of DNS attacks:
- Protocol Attacks: These attacks are based on how the DNS works.
- Server Attacks: These attacks are based on bugs or flaws in the DNS programs or the machines running DNS services.
We would look into these attacks in more detail. First, let’s understand how the DNS works.
How do DNS servers work?
Suppose we want the IP address for the domain some.dns.example.com. To know the IP address, we would make a DNS query to a DNS server. Now, the DNS query can be a recursive one or an iterative one. For a recursive query, the DNS server will respond to the query with an answer. If it itself does not have the answer, it will ask other servers. For an iterative query, the server immediately responds with the answer or says that it does not have the answer, in which case the query is redirected to another DNS server.
In our example, the host first makes a query to the server authoritative for the .com domain. After that, the query gets redirected to example.com. The server authoritative for the domain example.com should have the IP address mapping for some.dns.example.com, or it redirects to the server authoritative for answering the query, in which case it is dns.example.com. And finally, the query gets resolved.
What is a DNS protocol attack?
Protocol Attack is mainly done by poisoning the DNS cache of the server so that the server contains a wrong mapping to an IP address. In this case, the server contains a mapping to the IP address of an attacker’s server.
To give an example, a hacker can make a recursive DNS query for a non-existent query mapping. The DNS …
0 Comments