Abstract
DNS cache poisoning is a serious threat to today’s Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their implications for several defenses against DNS cache poisoning.
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
Son, S., Shmatikov, V. (2010). The Hitchhiker’s Guide to DNS Cache Poisoning. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_27
DOI: https://doi.org/10.1007/978-3-642-16161-2_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2