DNS Security
Dhaval Kapil
Computer Science and Engineering Department
IIT Roorkee
Flow of the presentation
● About DNS
● Working of DNS
● Flaws in design of DNS
● Threats involving DNS
● Mitigation of these threats
Domain Name Service
http://www.codeguru.com/cpp/sample_chapter/article.php/c12013/Sample-Chapter-Domain-Name-System.htm
About DNS
● Hierarchical distributed naming system for computers
● Mapping of 'domain name' and 'IP address'
● Internet’s primary directory service
Working of DNS
DNS Server:
■ Information about domain names stored in text files called zones
■ Listens on UDP port 53 for name resolution queries
■ Listens on TCP port 53 for zone transfer queries
DNS Client:
■ Runs a service called the resolver
■ Handles the interaction with the DNS Server for resolving domain names and IP addresses through records
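As an added example (not part of the slides), the following Python builds the UDP query a stub resolver sends to port 53 and parses a constructed reply, so the 12-byte header, the question section and the answer section described above are visible. The domain name, transaction id and address are constructed sample values.

```python
"""Minimal DNS wire-format encoder/decoder.

Added example: builds the UDP query a stub resolver sends to port 53 and
parses a constructed reply, so the 12-byte header, question section and
answer section are visible. Name, transaction id and address below are
constructed sample values (192.0.2.0/24 is a documentation range).
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels + root)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Standard query: header (id, flags, QD/AN/NS/AR counts) + one question."""
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, off: int):
    """Decode a name at `off`, following RFC 1035 compression pointers.
    Returns (name, offset just after the name in the original byte stream)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte pointer: top two bits set
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, ptr, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:  # root label terminates the name
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Parse the header, question and answer sections into a plain dict."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)  # render A record as dotted quad
        answers.append((name, rtype, ttl, rdata))
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,              # 0 = NOERROR, 3 = NXDOMAIN
        "questions": questions,
        "answers": answers,
    }


def build_sample_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply: echoes the query id and question, then adds one A record
    whose owner name is a compression pointer (0xC00C) back to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180  # QR=1, RD=1, RA=1, rcode 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = query[12:]
    rr = (b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
          + bytes(int(octet) for octet in ip.split(".")))
    return header + question + rr


if __name__ == "__main__":
    q = build_query("www.example.com", txid=0x1234)
    print(len(q), "byte query:", q.hex())
    print(parse_response(build_sample_response(q, "192.0.2.10")))
```

The transaction id and the echoed question are the only things a plain UDP resolver checks when matching a reply to its query, which is why the later slides on cache poisoning and DNSSEC matter: nothing in this format authenticates who sent the answer.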
Flaws in the design of DNS
● Designed without any security considerations
● Was initially designed for small networks with trusted hosts
● No checks for authenticity or integrity were added
● Unfortunately, as the network grew, DNS remained unchanged
● This resulted in many threats because of the above issues
Threats involving DNS
1. Zone File Compromise
2. Zone Information Leakage/DNS Footprinting
3. DNS Amplification Attack
4. DNS Client flooding
5. DNS Cache poisoning
6. DNS Vulnerabilities in Shared Host Environments
7. DNS Man in the Middle Attacks - DNS Hijacking
8. Typosquatting
Zone File Compromise
● The administrator can directly interact with the DNS Server
● A command-line or GUI interface is provided for configuring DNS records
● In this attack, the attacker first gains direct access to the server
Security measure: Restrict access to the DNS server
Zone Information Leakage/DNS Footprinting
● Zone Transfer: a DNS Server passes a copy of its database (called a “zone”) to another DNS Server.
● Slave DNS Servers ask for zone transfers from the Master DNS Server
● The attacker pretends to be a Slave DNS Server
● DNS records reveal the topology of the network
Security measure: Restrict zone transfers to particular IP addresses or use some other kind of authentication
DNS Amplification Attack
● Genuine DNS servers are used to perform a DoS attack on the victim host
● The attacker sends DNS request packets to a genuine DNS Server with the source IP spoofed as the victim’s IP.
● The amplified responses go to the victim.
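From the resolver operator's side, the attack above shows up as one "client" (really the spoofed victim) receiving responses many times larger than the queries attributed to it. The following Python, an added example that is not part of the slides, aggregates a constructed, simplified traffic feed of the form `<unix_ts> <client_ip> <qtype> <request_bytes> <response_bytes>` and flags clients whose traffic in a time window is both heavily amplified and repeated. Ordinary query logs do not record sizes; the assumption here is that the feed comes from a packet capture or flow export. All addresses are from documentation ranges.

```python
"""Amplification-pattern detection over resolver traffic records.

Added example: from the resolver's side, spoofed-source queries look like one
"client" (really the victim) receiving responses many times larger than its
queries. The records below are a constructed, simplified feed with the form
  <unix_ts> <client_ip> <qtype> <request_bytes> <response_bytes>
(real query logs usually lack sizes; a packet capture or flow export would
supply them). Addresses are from documentation ranges.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Record(NamedTuple):
    ts: int
    client: str
    qtype: str
    req_bytes: int
    resp_bytes: int


SAMPLE_LOG = """\
1700000000 198.51.100.7 A 45 120
1700000003 203.0.113.9 ANY 64 3120
1700000004 203.0.113.9 ANY 64 3120
1700000005 203.0.113.9 ANY 64 3120
1700000006 203.0.113.9 ANY 64 3120
1700000007 203.0.113.9 ANY 64 3120
1700000012 198.51.100.7 AAAA 45 140
1700000045 198.51.100.7 A 45 120
"""


def parse_log(text: str) -> List[Record]:
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qtype, req, resp = line.split()
        records.append(Record(int(ts), client, qtype, int(req), int(resp)))
    return records


def aggregate(records: List[Record], window: int = 60) -> Dict[tuple, dict]:
    """Totals per (client, time bucket) so bursts are judged within a window."""
    buckets = defaultdict(lambda: {"queries": 0, "req_bytes": 0,
                                   "resp_bytes": 0, "qtypes": set()})
    for r in records:
        b = buckets[(r.client, r.ts // window)]
        b["queries"] += 1
        b["req_bytes"] += r.req_bytes
        b["resp_bytes"] += r.resp_bytes
        b["qtypes"].add(r.qtype)
    return buckets


def amplification_factor(req_bytes: int, resp_bytes: int) -> float:
    """Bytes sent back per byte received; the attacker's gain from spoofing."""
    return resp_bytes / req_bytes if req_bytes else float("inf")


def find_suspect_clients(records, window=60, min_factor=10.0, min_queries=3):
    """Clients whose traffic in some window is both amplified and repeated.
    A hit means the address is likely a spoofed victim (or an abusive host);
    either way it is a candidate for response rate limiting."""
    suspects: Dict[str, dict] = {}
    for (client, _bucket), b in aggregate(records, window).items():
        factor = amplification_factor(b["req_bytes"], b["resp_bytes"])
        if factor < min_factor or b["queries"] < min_queries:
            continue
        if client not in suspects or factor > suspects[client]["factor"]:
            suspects[client] = {
                "factor": round(factor, 2),
                "queries": b["queries"],
                "resp_bytes": b["resp_bytes"],
                "qtypes": sorted(b["qtypes"]),
            }
    return suspects


if __name__ == "__main__":
    for ip, stats in find_suspect_clients(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: x{stats['factor']} over {stats['queries']} queries "
              f"({stats['resp_bytes']} response bytes, types {stats['qtypes']})")
```

Hits from this check are the input to the usual mitigations: response rate limiting on the server (BIND's `rate-limit` option, for instance), refusing recursion to clients outside the served network, and BCP 38 source-address filtering at the network edge so spoofed queries never reach the resolver.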
DNS Client Flooding
● The attacker sends a flood of DNS packets to the DNS server
● Preferably requests for invalid domains
● The DNS server tries to spend all of its resources on finding the IP
● Resources are exhausted for legitimate requests
DNS Cache Poisoning
https://jfdm.host.cs.st-andrews.ac.uk/notes/netsec/
DNS Vulnerabilities in Shared Host
Environments
http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf
DNS Man in the Middle Attacks - DNS Hijacking
http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf
Typosquatting
● The practice of registering a domain name that is confusingly similar to an existing popular brand
● The attacker registers similar-sounding domain names.
● This threat does not target a particular victim.
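Brand owners counter typosquatting by watching newly registered or newly queried domains for names that resemble their own. The Python below is an added example, not part of the slides: it flags observed second-level domains that sit within a small edit distance of a protected brand label, after folding common digit-for-letter look-alikes. The brand list, the observed domains and the homoglyph table are constructed sample values; the distance function is the optimal string alignment variant of Levenshtein, which counts an adjacent transposition as one edit because that is the most common typo.

```python
"""Lookalike-domain detection against a protected brand list.

Added example: flags observed second-level domains that sit within a small
edit distance of a brand label, after folding common digit/letter look-alikes.
The brand list and observed domains are constructed sample values.
"""
from typing import List, Tuple

PROTECTED_BRANDS = ["example", "examplebank"]

OBSERVED_DOMAINS = [
    "example.com",            # the real domain, must not be flagged
    "exmaple.com",            # adjacent transposition
    "examp1e.net",            # digit 1 standing in for letter l
    "exampl.com",             # dropped character
    "unrelated.org",
    "examplebnak.com",
    "examplebank-login.com",  # brand label plus a hyphenated suffix
]

# Heuristic homoglyph folding applied before comparison (constructed table;
# it will over-fold some legitimate words, so treat hits as leads, not proof).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of adjacent characters each cost 1."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[n][m]


def fold_homoglyphs(label: str) -> str:
    for lookalike, letter in HOMOGLYPHS.items():
        label = label.replace(lookalike, letter)
    return label


def second_level_label(domain: str) -> str:
    """'exmaple.com' -> 'exmaple' (no public-suffix handling; co.uk-style TLDs
    would need a suffix list)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(observed: List[str], brands: List[str],
                    max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Returns (domain, brand, distance) for each observed domain that resembles
    a brand; an exact match with the brand label itself is the genuine domain."""
    hits = []
    for domain in observed:
        raw = second_level_label(domain)
        folded = fold_homoglyphs(raw)
        # also test hyphen-separated pieces so 'brand-login' matches 'brand'
        candidates = {folded} | set(folded.split("-"))
        for brand in brands:
            if raw == brand:
                continue
            dist = min(osa_distance(c, brand) for c in candidates)
            if dist <= max_distance:
                hits.append((domain, brand, dist))
                break
    return hits


if __name__ == "__main__":
    for domain, brand, dist in find_lookalikes(OBSERVED_DOMAINS, PROTECTED_BRANDS):
        print(f"{domain}: resembles '{brand}' (distance {dist})")
```

In practice the observed list would come from a certificate-transparency feed, zone-file access or passive DNS, and each hit would go to a takedown or blocklist review rather than being acted on automatically, since short brand labels produce false positives at distance 2.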
DNSSEC (Domain Name System Security Extensions)
● Around 1994, the IETF started a discussion on making DNS secure by adding a set of extensions to it.
● Backward compatibility ensured
● Performance issues kept in mind
● Provides authentication and integrity to DNS
● Unfortunately still not widely adopted
Conclusion
● Widespread need for DNS on the internet
● The original implementation didn’t consider security issues
● No checks for authenticity and integrity
● To add security, the IETF added the security extensions DNSSEC
