server will eventually ask the server responsible for that domain to answer that query. If that server is controlled by the attacker, the attacker will respond with any data that he wants to be cached in the DNS server.
But the good thing is, this attack is quite old and does not work with BIND anymore. But, an attacker can do DNS Spoofing. In this case, the attacker intercepts the DNS query made by a DNS client to the DNS server and replies to the host with its own answer. But this is not easy. Every DNS query is associated with an ID number. To respond to the host with a spoofed answer, the attacker has to hack that ID also. Usually, the attacker does it through DNS ID hacking.
In a popular method, the attacker guesses the ID and replies with the spoofed answer with those guessed IDs. At the same time, it floods the DNS server with lots of queries. So, it takes some time for the DNS server to respond to the actual query of the host. By that time, the DNS client gets a spoofed response from the attacker. And when the DNS server sends the actual reply, the host rejects it.
What is a DNS server attack?
Another type of attack is the DNS server attack. The DNS server attack becomes possible because of bugs in the DNS software implementation.
A Denial of Service or DoS attack is also a type of server attack. Just to give an example, a DNS amplification attack (What is the DNS amplification attack?) is a type of DoS attack in which the attacker sends lots of DNS queries to a DNS server. However, the attacker forges the IP address of the victim’s machine as the source IP of all the sent packets. As a result, the DNS server ends up sending all the responses to the victim’s machine, floods the target machine with the responses, and ends up consuming all of the target machine’s bandwidth.
How to secure DNS?
We can take a couple of steps to address these security issues:
- DNS servers can forbid recursive DNS queries.
- DNS software must be updated regularly. New patches should be applied as soon as they release and BIND should be updated regularly.
- We can use the Split DNS Architecture. In this case, one external DNS is responsible for the name-to-IP mapping of all the external hosts of a domain for which the DNS is responsible for resolving queries. Another DNS is responsible for answering queries of internal or trusted hosts. In this way, even if the external DNS is affected, it won’t affect the service provided to the internal hosts.
I hope this helps. Interested readers who want to know more about how different malware and cyberattacks work and how we can prevent them may want to refer to the book “A Guide To Cyber Security.”






0 Comments