  1. 1. Introduction <ul><li>DNS, the Domain Name System, is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. </li></ul><ul><li>The Domain Name System (DNS) distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. </li></ul><ul><li>The Domain Name System also defines the technical underpinnings of the functionality of this database service. For this purpose it defines the DNS protocol, a detailed specification of the data structures and communication exchanges used in DNS, as part of the Internet Protocol Suite (TCP/IP). </li></ul>
  2. 2. DNS Overview <ul><li>The Domain Name System maintains the domain namespace and provides translation services between the domain namespace and the IP address space. Internet name servers and a communications protocol implement the Domain Name System. </li></ul><ul><li>A DNS name server is a server that stores the DNS records, such as address (A) records, name server (NS) records, and mail exchanger (MX) records, for a domain name and responds with answers to queries against its database. </li></ul>
  3. 3. <ul><li>DNS refers to several things all at once. </li></ul><ul><ul><li>Domain Name Service - the data query service that searches domains until a specified host name is found. </li></ul></ul><ul><ul><li>Domain Name System - a system of mapping names to Internet Protocol (IP) addresses hierarchically in a specific domain, much like a phonebook for the Internet. </li></ul></ul><ul><ul><li>Domain Name Server - the server, used on the Internet and some private networks, where host names are translated to their IP addresses. </li></ul></ul>
  4. 4. History Of DNS <ul><li>Before the DNS was invented in 1983, each computer on the network retrieved a file called HOSTS.TXT from a computer at SRI. </li></ul><ul><li>The first UNIX implementation followed in 1984. In 1985, Kevin Dunlap of DEC significantly re-wrote the DNS implementation and renamed it BIND. BIND was then ported to the Windows NT platform in the early 1990s. </li></ul><ul><li>BIND was widely distributed, especially on Unix systems, and is the dominant DNS software in use on the Internet. </li></ul>
  5. 5. DNS Hacking Technique <ul><li>The DNS specifications did not include security, based on the fact that the information DNS contains, namely host names and IP addresses, is used as a means of communicating data. </li></ul><ul><li>The majority of the weaknesses within the DNS fall into one of the following categories: </li></ul><ul><ul><li>Cache Poisoning </li></ul></ul><ul><ul><li>Client Flooding </li></ul></ul><ul><ul><li>DNS Dynamic Update Vulnerability </li></ul></ul>
  6. 6. <ul><ul><li>Cache Poisoning </li></ul></ul><ul><ul><ul><li>DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. One reason an attacker makes use of DNS poisoning is Denial of Service (DoS). </li></ul></ul></ul><ul><ul><li>Client flooding </li></ul></ul><ul><ul><ul><li>Client flooding occurs when a client system sends out a query, but receives and accepts thousands of DNS responses from the attacker. </li></ul></ul></ul>
  7. 7. <ul><ul><li>DNS dynamic update vulnerability </li></ul></ul><ul><ul><ul><li>An attacker who is able to successfully accomplish either can perform a variety of dynamic updating attacks against the primary server. They can range from denial of service attacks, such as the deletion of records, to malicious redirection, for instance, by changing IP address information for a resource record (RR) being sent in an update. </li></ul></ul></ul>
  8. 8. DNS Security <ul><li>Disable open recursive name servers. </li></ul><ul><ul><li>The attack is not effective if the attacker cannot send query packets to the name server. </li></ul></ul><ul><ul><li>If you want to run a recursive name server, limit access to only those computers that need it. </li></ul></ul><ul><ul><li>Turning off open recursive name servers is a good idea anyway, because they can be used for other types of attack (Denial of service). </li></ul></ul><ul><li>Use upper/lower case to add randomness. </li></ul><ul><ul><li>The answer should preserve the same capitalization as the question. Mixing upper and lower case provides more combinations that an attacker has to guess. </li></ul></ul><ul><ul><li>This is a way of adding entropy to the DNS without modifying the protocol. </li></ul></ul>
  9. 9. <ul><li>Back Up That Registration Data. </li></ul><ul><ul><li>All DNS registration data at the root and TLD levels must be backed up in easily readable forms onto highly stable forms of permanent media (e.g. CD-ROMs) using well-publicized human-readable formats (such as XML). </li></ul></ul><ul><ul><li>These copies must be physically protected and must be periodically tested for readability. </li></ul></ul><ul><ul><li>Periodic tests must be made to ensure that these backups can be successfully reloaded. </li></ul></ul>
  10. 10. Conclusion <ul><li>DNS was a great breakthrough in making the Internet easier to use. As you can tell, however, we have a long way to go to create any sort of truly secure computing experience. </li></ul>
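The "use upper/lower case to add randomness" countermeasure from slide 8, sketched from the resolver's side as an added example (not code from the slides): the query name is sent in random mixed case and a response is accepted only if it carries the same transaction ID and echoes the question name with identical capitalization. The function names and the `www.example.com` name are hypothetical, and the parser handles only the uncompressed question section.

```python
import secrets
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def randomize_case(name: str) -> str:
    """Pick upper or lower case per letter from a CSPRNG: one extra bit per letter."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )

def build_query(name: str, qtype: int = 1):
    """Return (txid, qname_as_sent, packet) for a recursive query (A by default)."""
    txid = secrets.randbits(16)
    qname = randomize_case(name)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, qname, header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def read_question_name(packet: bytes) -> str:
    """Read the uncompressed question name that follows the 12-byte header."""
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compressed or invalid label in question section")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def accept_response(packet: bytes, txid: int, qname: str) -> bool:
    """Accept only a response (QR=1) with our ID and a byte-identical question name."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not flags & 0x8000:
        return False
    try:
        return read_question_name(packet) == qname  # case-sensitive on purpose
    except (ValueError, IndexError, UnicodeDecodeError):
        return False
```

A forged answer now has to match the 16-bit ID and every letter's case, so a name with 13 letters adds 13 bits to what must be guessed.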