TsuNAME vulnerability can be exploited for DDoS attacks on DNS servers

Written by Emma Davis

By registering a sufficient number of recursive DNS servers and exploiting the TsuNAME vulnerability, DDoS attacks can be launched against authoritative DNS servers.

A team of researchers reported vulnerabilities in the DNS ecosystem that allow traffic directed at authoritative DNS servers to be amplified, making DDoS attacks against those servers possible.

The vulnerability, dubbed tsuNAME, was discovered when New Zealand and Dutch national domain registrars (.nz and .nl) detected anomalies in DNS traffic passing through their authoritative servers.

"TsuNAME occurs when domain names are misconfigured with round robin DNS records, and when vulnerable resolvers access these misconfigurations, they begin a loop and quickly send DNS queries to authoritative servers and other resolvers," the researchers said.

The Internet Domain Name System (DNS) is one of the main services on the Internet. Each visit to a web page requires a series of DNS queries, and major DNS failures can have cascading consequences, leading to the unavailability of essential websites and services.

In order to understand how the vulnerability works, it is necessary to know the difference between an authoritative and recursive DNS server. Currently, most servers on the Web are recursive – they forward DNS queries from users to authoritative DNS servers that act as a kind of phone book and return DNS responses for specific domain names. Under normal circumstances, millions of recursive DNS servers send billions of DNS queries to authoritative DNS servers every day.

Authoritative DNS servers are typically run by large companies and organizations like content delivery networks, tech giants, ISPs, domain registrars, and government agencies.

The researchers explained that an attacker could create malicious DNS queries that exploit vulnerabilities in the recursive DNS server software in order to send malicious queries to authoritative DNS servers in a continuous loop.

If an attacker registers a sufficient number of recursive DNS servers, they can carry out fairly powerful DDoS attacks against authoritative DNS servers.
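A defender-side check for the looping behaviour described above, as an added example that is not from the original article or the researchers: it scans authoritative-server query logs for a resolver repeating the same query in a tight loop. The log format, the threshold values and the sample traffic are assumptions constructed for illustration.

```python
"""Flag resolvers that repeat one query to an authoritative server in a tight loop."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # assumed sliding-window length
MAX_REPEATS = 20        # assumed threshold; tune against your own baseline


def parse_line(line):
    """Parse '<epoch> <resolver_ip> <qname> <qtype>' (a hypothetical log format)."""
    ts, ip, qname, qtype = line.split()
    return float(ts), ip, qname.lower().rstrip("."), qtype.upper()


def find_looping_resolvers(lines, window=WINDOW_SECONDS, max_repeats=MAX_REPEATS):
    """Return {(ip, qname, qtype): peak count} for tuples above max_repeats in a window."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for line in lines:            # lines must be in timestamp order
        if not line.strip():
            continue
        ts, ip, qname, qtype = parse_line(line)
        key = (ip, qname, qtype)
        stamps = recent[key]
        stamps.append(ts)
        while stamps and ts - stamps[0] > window:
            stamps.popleft()      # drop queries older than the window
        if len(stamps) > max_repeats:
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


def build_sample_log():
    """Constructed traffic: one resolver looping on one name, two behaving normally."""
    lines = []
    for i in range(60):   # 60 identical queries in 3 seconds from one resolver
        lines.append(f"{1000 + i * 0.05:.2f} 192.0.2.10 ns1.example.nz. NS")
    for i in range(5):    # same name, but only one query per minute
        lines.append(f"{1000 + i * 60:.2f} 198.51.100.7 ns1.example.nz NS")
    for i in range(30):   # busy resolver, but every query is for a different name
        lines.append(f"{1000 + i * 0.1:.2f} 203.0.113.5 host{i}.example.nl A")
    return sorted(lines, key=lambda entry: float(entry.split()[0]))


if __name__ == "__main__":
    for (ip, qname, qtype), peak in find_looping_resolvers(build_sample_log()).items():
        print(f"{ip} sent {peak} {qtype} queries for {qname} within {WINDOW_SECONDS}s")
```

Keying on the full (resolver, name, type) tuple keeps a busy but healthy resolver from being flagged just for its total query volume.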

"We have disclosed TsuNAME to operators of large recursive resolvers and some authoritative servers (more notifications are ongoing), and worked with Google engineers, who successfully fixed GDNS. Moreover, OpenDNS folks also fixed their software after our notification," researchers reported.

Let me remind you that we also talked about: The attackers changed the DNS settings for 180,000 routers.


