DNS stands for Domain Name System
Types of DNS servers:
- Authoritative server – The server holds the zone data for the queried domain and answers the request from its local database, setting the AA (Authoritative Answer) flag in the reply.
- Not configured as a recursive resolver – When the server is not authoritative for the queried name it returns a DNS referral: a response with no answer whose authority section lists the name servers (NS records) the client should query next to obtain an authoritative answer.
- Recursive resolver – When the server is not authoritative for the queried domain and has nothing cached for it, it queries other DNS servers on the client's behalf, following referrals from the root down until it obtains the answer. It returns a non-authoritative reply (AA flag clear) to the client and caches the records for their TTL.
Open resolvers are recursive resolvers that answer queries from any source address, not only from their own clients.
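To make the three server behaviours concrete, the following is an added example written for these notes (not code from the original page, nor from BIND or Windows DNS Server). It builds a DNS query in wire format, constructs the three replies such a query could receive, and tells them apart the way a client would: by the AA flag and by what the answer and authority sections contain. The names and addresses (example.com, 192.0.2.x) are documentation values chosen for the example.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1 (the fields the notes above refer to)
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080
TYPE_A, TYPE_NS = 1, 2

def encode_name(name):
    """"www.example.com." -> length-prefixed labels ending in a zero byte (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, off):
    """Read a name at msg[off:], following RFC 1035 compression pointers. Returns (name, end)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # 2-byte pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def build_query(txid, qname, qtype=TYPE_A, recursion_desired=True):
    header = struct.pack("!HHHHHH", txid, RD if recursion_desired else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(query, flags, answers=(), authority=(), additional=()):
    """Answer `query` with the given flags; records are (name, type, ttl, rdata_bytes)."""
    txid, qflags = struct.unpack("!HH", query[:4])
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]                       # QNAME + QTYPE + QCLASS copied back
    rr = lambda name, rtype, ttl, rdata: (encode_name(name)
         + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata)
    body = b"".join(rr(*r) for r in (*answers, *authority, *additional))
    header = struct.pack("!HHHHHH", txid, QR | (qflags & RD) | flags, 1,
                         len(answers), len(authority), len(additional))
    return header + question + body

def parse_message(msg):
    """Split a wire-format message into header fields, question and the three RR sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    out = {"txid": txid, "flags": flags, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append((name, rtype, ttl, msg[off:off + rdlen]))
            off += rdlen
        out[section] = records
    return out

def classify_response(msg):
    """Map a reply onto the three server behaviours described in the notes."""
    m = parse_message(msg)
    if not m["flags"] & QR:
        return "query"
    if m["flags"] & AA:
        return "authoritative"                          # answered from the server's own zone data
    if not m["answer"] and any(r[1] == TYPE_NS for r in m["authority"]):
        return "referral"                               # non-recursive server: "ask these servers"
    return "non-authoritative"                          # recursive resolver answering on the client's behalf

# Constructed exchange (not captured traffic): one query and the three replies it could get.
QUERY = build_query(0x1234, "www.example.com.")
A_RDATA = bytes([192, 0, 2, 10])                        # RFC 5737 documentation address
AUTHORITATIVE = build_response(QUERY, AA, answers=[("www.example.com.", TYPE_A, 300, A_RDATA)])
FROM_RESOLVER = build_response(QUERY, RA, answers=[("www.example.com.", TYPE_A, 300, A_RDATA)])
REFERRAL = build_response(QUERY, 0,
    authority=[("example.com.", TYPE_NS, 172800, encode_name("ns1.example.com."))],
    additional=[("ns1.example.com.", TYPE_A, 172800, bytes([192, 0, 2, 53]))])

if __name__ == "__main__":
    for label, reply in (("authoritative", AUTHORITATIVE), ("from resolver", FROM_RESOLVER), ("referral", REFERRAL)):
        m = parse_message(reply)
        print(f"{label:14} -> {classify_response(reply):17} answers={m['answer']} authority={m['authority']}")
```

Note that the referral carries the next hop in the authority section and the glue address for that name server in the additional section; a client that stops at the answer section would see an empty reply and miss where to go next.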
Types of attacks:
- DNS Cache Poisoning – The attacker sends forged RR data to a resolver so that it is stored in the cache, pointing every client of that resolver to an attacker-chosen IP until the entry expires. A forged reply is only accepted if it matches an outstanding query (transaction ID, UDP port, question name and type), which is why resolvers randomize those fields and why DNSSEC validation defeats the attack for signed zones.
- DNS Amplification and Reflection Attacks – The attacker sends queries to open resolvers with the source IP spoofed to the victim's address, so the resolvers send their responses to the victim (reflection). Because a small query can trigger a response many times larger (amplification), the victim receives far more traffic than the attacker sends; this hides the real source of the attack from the victim and can cause a DoS.
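Seen from the victim's side, reflected traffic has a distinctive shape: responses from UDP port 53 arriving at a host that never sent a query to that resolver, from many resolvers at once, with large packets. The following is an added example (not from the original notes) of detection logic over flow records; the Flow layout, the thresholds, the network 203.0.113.0/24 and all sample flows are constructed for the example.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, as a border router exports it (NetFlow/IPFIX-style fields)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    bytes: int

def detect_reflection(flows, local_net, min_reflectors=5, min_bytes_per_packet=500):
    """Flag local hosts receiving unsolicited UDP/53 responses from many resolvers.

    A reply is 'unsolicited' when no flow from that host to that resolver's port 53
    was seen, i.e. someone else sent the query with our host's address as source.
    """
    local = ipaddress.ip_network(local_net)
    is_local = lambda ip: ipaddress.ip_address(ip) in local
    # (client, resolver) pairs for which a real outbound query exists
    queried = {(f.src, f.dst) for f in flows
               if f.proto == "udp" and f.dport == 53 and is_local(f.src)}
    per_victim = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f.proto != "udp" or f.sport != 53 or not is_local(f.dst):
            continue
        if (f.dst, f.src) in queried:
            continue            # legitimate reply to a query this host sent
        v = per_victim[f.dst]
        v["reflectors"].add(f.src)
        v["packets"] += f.packets
        v["bytes"] += f.bytes
    alerts = []
    for victim, v in per_victim.items():
        bpp = v["bytes"] / v["packets"]
        if len(v["reflectors"]) >= min_reflectors and bpp >= min_bytes_per_packet:
            alerts.append({"victim": victim, "reflectors": len(v["reflectors"]),
                           "bytes_per_packet": round(bpp), "total_bytes": v["bytes"]})
    return sorted(alerts, key=lambda a: a["total_bytes"], reverse=True)

# Constructed flow records (not real telemetry). Addresses are RFC 5737 documentation ranges:
# 203.0.113.0/24 is "our" network, 198.51.100.x and 192.0.2.x play resolvers on the Internet.
SAMPLE_FLOWS = [
    # a normal lookup: host .20 asks 192.0.2.53 and gets one small reply back
    Flow("203.0.113.20", 51234, "192.0.2.53", 53, "udp", 1, 70),
    Flow("192.0.2.53", 53, "203.0.113.20", 51234, "udp", 1, 210),
    # one stray large response to .21 from a single resolver: below the reflector threshold
    Flow("192.0.2.99", 53, "203.0.113.21", 40000, "udp", 3, 9000),
]
# six open resolvers each sending 1000 large replies to .7, which never queried any of them
SAMPLE_FLOWS += [Flow(f"198.51.100.{i}", 53, "203.0.113.7", 33000 + i, "udp", 1000, 3_000_000)
                 for i in range(1, 7)]

if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS, "203.0.113.0/24"):
        print(alert)
```

In real telemetry flows are sampled and the heuristic also matches resolvers answering queries sent before the collection window started, so the thresholds are a starting point to tune, not a rule.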
Protections against spoofing:
- Unicast Reverse Path Forwarding (uRPF) – A router (not the DNS server itself) checks the source IP of each incoming packet against its routing table: in strict mode the packet is dropped unless the best route back to that source leaves through the interface the packet arrived on; in loose mode it is enough that some route to the source exists, which only stops unrouted (bogon) sources.
- IP Source Guard – Layer 2 switch feature that depends on DHCP snooping. An access port only forwards frames whose source IP (and optionally source MAC) matches the binding the switch learned from the DHCP assignment on that port; everything else is dropped.
- Access Control Lists – At the network edge, drop packets whose source address does not belong to the inside network (ingress filtering, BCP 38); on the resolver, restrict which clients may ask for recursion so it does not become an open resolver.
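uRPF and IP Source Guard are router and switch features, but their decision logic is small enough to model. The following is an added example (not from the original notes or any vendor's code) that implements strict and loose uRPF against a routing table and IP Source Guard against a DHCP snooping binding table, then runs constructed packets through both; the tables, interface and port names and addresses are hypothetical. It also models the common router default of not counting the default route as proof that a source is reachable unless that is explicitly allowed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "192.168.1.0/24"
    interface: str   # interface the router uses to reach that prefix

@dataclass(frozen=True)
class Frame:
    src_ip: str
    src_mac: str
    ingress: str     # router interface or switch port the packet arrived on

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding: a lease the switch learned by watching DHCP on an access port."""
    ip: str
    mac: str
    port: str

def route_to(routes, ip, allow_default=False):
    """Longest-prefix match for `ip`; returns the Route or None. The default route only
    counts when allow_default is set (hypothetical model of the usual router behaviour)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if net.prefixlen == 0 and not allow_default:
            continue
        if addr in net and (best is None or net.prefixlen > ipaddress.ip_network(best.prefix).prefixlen):
            best = r
    return best

def urpf_permits(routes, frame, mode="strict", allow_default=False):
    """Unicast RPF on a router: look up the *source* address in the routing table.
    strict - the best route back to the source must point at the ingress interface.
    loose  - any route back to the source is enough (catches unrouted/bogon sources only)."""
    r = route_to(routes, frame.src_ip, allow_default)
    if r is None:
        return False
    return mode == "loose" or r.interface == frame.ingress

def ipsg_permits(bindings, frame, check_mac=False):
    """IP Source Guard on a switch: forward only if the source IP (optionally the MAC too)
    matches a DHCP snooping binding for the very port the frame came in on."""
    return any(b.port == frame.ingress and b.ip == frame.src_ip
               and (not check_mac or b.mac.lower() == frame.src_mac.lower())
               for b in bindings)

# Constructed tables for a hypothetical network (RFC 1918 and RFC 5737 addresses).
ROUTES = [Route("192.168.1.0/24", "lan"), Route("10.0.0.0/8", "core"), Route("0.0.0.0/0", "wan")]
BINDINGS = [Binding("192.168.1.10", "00:11:22:33:44:55", "Gi1/0/1"),
            Binding("192.168.1.11", "00:11:22:33:44:66", "Gi1/0/2")]

# Packets seen on the router: a genuine LAN host, a LAN address arriving from the Internet
# (spoofed), and an Internet address arriving from the LAN (an inside host spoofing a victim).
GENUINE = Frame("192.168.1.10", "00:11:22:33:44:55", "lan")
SPOOFED_FROM_WAN = Frame("192.168.1.10", "aa:bb:cc:dd:ee:ff", "wan")
SPOOFED_FROM_LAN = Frame("198.51.100.5", "00:11:22:33:44:55", "lan")

# Frames seen on the access switch: a host on its own port, and a host on port 2 using port 1's IP.
PORT1_OK = Frame("192.168.1.10", "00:11:22:33:44:55", "Gi1/0/1")
PORT2_SPOOF = Frame("192.168.1.10", "00:11:22:33:44:66", "Gi1/0/2")

if __name__ == "__main__":
    for name, pkt in (("genuine", GENUINE), ("spoofed from wan", SPOOFED_FROM_WAN), ("spoofed from lan", SPOOFED_FROM_LAN)):
        print(f"{name:17} strict={urpf_permits(ROUTES, pkt)} loose={urpf_permits(ROUTES, pkt, 'loose')}")
    print("IPSG port1 ok:", ipsg_permits(BINDINGS, PORT1_OK), " port2 spoof:", ipsg_permits(BINDINGS, PORT2_SPOOF))
```

Running it shows the caveat the notes leave implicit: loose mode lets the packet claiming 192.168.1.10 in from the wan interface, because a route to that prefix exists, and only strict mode drops it. The inside host spoofing 198.51.100.5 is dropped by both modes while the default route does not count; once it does, loose mode permits it and strict mode still drops it, so strict mode on customer or LAN-facing interfaces is what actually stops outbound spoofing.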
DNS implementations: BIND, Windows DNS Server
DNSSEC – DNS Security Extensions – Adds data origin authentication and data integrity: resource record sets are signed (RRSIG records) and validators check the signatures along a chain of trust from the root zone. It does not provide confidentiality; queries and answers still travel in clear text.