Next: Performance - Latency Up: Problems with Legacy DNS Previous: Failure Resilience - Bottlenecks

Failure Resilience - Implementation Errors

The previous section showed that legacy DNS suffers from limited redundancy and various bottlenecks. In this section, we examine the feasibility of attacks that target these bottlenecks through known vulnerabilities in commonly deployed nameservers. Early studies [10,22,27] identified several implementation errors in legacy DNS servers that can lead to compromise. While many of these have been fixed, a significant percentage of nameservers continue to use buggy implementations. We surveyed 150,000 nameservers to determine if they contain any known vulnerabilities, based on the Berkeley Internet Name Daemon (BIND) exploit list maintained by the Internet Systems Consortium (ISC) [17]. Table 2 summarizes the results of this survey. Approximately 18% of servers do not respond to version queries, and about 14% do not report valid BIND versions. About 2% of nameservers have the tsig bug, which permits a buffer overflow that can enable malicious agents to gain access to the system. 19% of nameservers have the negcache problem, which can be exploited to launch a DoS attack by providing negative responses with large TTL values from a malicious nameserver. Overall, exploiting the bottlenecks identified in the previous section is practical.


Table 2: Vulnerabilities in BIND: A significant percentage of nameservers use BIND versions with known security problems [17].

problem        severity    affected nameservers
                           all domains    top 500
tsig           critical     2.08 %        0.59 %
nxt            critical     0.09 %        0.15 %
negcache       serious     19.03 %        2.57 %
sigrec         serious     13.56 %        1.32 %
DoS multi      serious     11.11 %        1.32 %
DoS findtype   serious      2.58 %        0.59 %
srv            serious      1.89 %        0.59 %
zxfr           serious      1.81 %        0.44 %
libresolv      serious      1.48 %        0 %
complain       serious      1.33 %        0 %
so-linger      serious      1.15 %        0.15 %
fdmax          serious      1.15 %        0.15 %
sig            serious      0.70 %        0.15 %
infoleak       moderate     4.58 %        0.59 %
sigdiv0        moderate     1.86 %        0.59 %
openssl        medium       1.71 %        0.37 %
naptr          minor        2.58 %        0.15 %
maxdname       minor        2.58 %        0.15 %
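The survey relies on version queries, which for BIND means a TXT query for version.bind in the CHAOS class. The following is an added example, not code from the paper: it builds that query and sorts a reply into the three outcomes the text distinguishes, as an operator might do when auditing their own nameservers. The bucket names, the regular expression used for a "valid" version string, and the `sample_reply` helper (constructed data, not captured traffic) are assumptions.

```python
import re
import struct

QTYPE_TXT, QCLASS_CH = 16, 3            # TXT record type, CHAOS class
QNAME = b"\x07version\x04bind\x00"      # "version.bind" as length-prefixed labels
VERSION_RE = re.compile(r"^(?:BIND\s+)?(\d+)\.(\d+)(?:\.(\d+))?")  # assumed notion of "valid"

def build_version_query(txid):
    """Wire-format query for version.bind CH TXT (one question, no flags set)."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + QNAME + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        n = msg[off]
        if n == 0 or (n & 0xC0) == 0xC0:
            return off + (1 if n == 0 else 2)
        off += 1 + n

def parse_version(msg):
    """Return the first TXT string of the first answer, or None if unusable."""
    try:
        _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
        if an == 0 or flags & 0x000F:   # no answer, or RCODE signals an error
            return None
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4   # name, then QTYPE and QCLASS
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype != QTYPE_TXT or rdlen < 1:
            return None
        return msg[off + 11:off + 11 + msg[off + 10]].decode("ascii", "replace")
    except (IndexError, struct.error, TypeError):  # truncated reply, or msg is None (timeout)
        return None

def classify(msg):
    """Bucket a reply: 'no-answer', 'invalid' string, or 'bind' with a version tuple."""
    text = parse_version(msg)
    if text is None:
        return ("no-answer", None)
    m = VERSION_RE.match(text.strip())
    return ("bind", tuple(int(g or 0) for g in m.groups())) if m else ("invalid", text)

def sample_reply(text):
    """Constructed reply (not captured traffic) carrying text as the TXT answer."""
    rd = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rd)) + rd
    return struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_version_query(0)[12:] + rr
```

The version tuple returned for the 'bind' bucket is what would then be compared against a vulnerability list such as the one cited as [17]; that comparison is not shown because the page does not give the affected version ranges.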



beehive-l@cs.cornell.edu