What is DNS Cookies?
When we type a URL in the browser address bar, our computer makes a DNS query to the appropriate DNS servers, and it gets the corresponding IP address. Using the IP address, the computer accesses the target system. Protocols like SSL/TLS and HTTPS can ensure that the communication between the server and the client is encrypted after the domain name resolution is done. But, what if an attacker takes advantage of the DNS communication between the client and the DNS server at the time of domain name resolution and affects that to transfer the traffic to malicious servers or make a DoS attack? DNS Cookies is a security mechanism that is developed for that purpose.
DNS Cookies is a lightweight DNS transaction security mechanism that protects DNS servers and clients from various attacks, such as DoS attacks, DNS Amplification attacks, DNS Cache Poisoning, etc. It is a lightweight mechanism and can work with other existing DNS transaction security mechanisms. It can even work in the presence of NAT and NAT Protocol Transaction (NAT-PT).
Let’s understand what DNS Cookies is actually and how it works.
What are the security concerns of DNS?
There are a number of security concerns in the existing DNS system. Some of them are mentioned below :
DoS Attacks on DNS Servers
When a DNS client makes a DNS request to DNS servers, it causes them to bear a heavy computational burden. A recursive server may issue one or more requests and process the responses, which requires many computational resources. The situation may even worsen when DNSSEC is used. DNSSEC performs many cryptographic computations to verify the authenticity of the DNS transaction.
So, if an attacker forges the source IP address and sends many DNS requests to the DNS servers, it would be very hard to identify that the requests are forged ones. Moreover, it is impossible to restrict IP addresses from which DNS requests should be honored and discarded otherwise.
As a result, an attacker can take advantage of that and send many DNS requests to the DNS servers so that the resources of the DNS servers get exhausted, resulting in a DoS attack.
DNS Cache Poisoning
When we type a URL in the browser’s address bar, our computer queries the appropriate DNS server. Once the DNS server responds, the DNS client stores the IP address in its DNS cache. The entry in the DNS cache also includes a time stamp up to which the entry remains valid. Within that time, if we type the address again, our computer will look at its DNS cache for the entry.
Suppose our computer has made a DNS query and is waiting for a response from the DNS servers. But instead of an authentic response, it gets a response containing an IP address of the attacker’s website. So, the DNS cache will be poisoned, and from now on, whenever the computer tries to resolve …
0 Comments