Article Preview
Top1. Introduction
DNS is a critical part of network and internetwork infrastructure. However, it is vulnerable, and attackers have exploited vulnerabilities within the protocol to launch various kinds of attacks against it (Gupta, 2018). The DNS protocol does not provide origin of data for authenticity and it also lacks the mechanism to provide data integrity. Taking advantage of these vulnerabilities, the attackers can forge the DNS records and direct legitimate clients to malicious domains to fulfil their own vested interests. To overcome the problems of origin authentication and data integrity, DNSSEC was proposed. It is the result of focused and continuous efforts of the security communities to secure the DNS protocol (Krishnaswamy et al., 2009). DNSSEC solves these vulnerabilities wherein security parameters are added to the DNS responses from the server which allows the client to verify that the responses originated from the intended server and that the data in the responses is not forged. Over the past decade, attacks on the Internet and private networks are on the rise. Attackers look for vulnerabilities within protocols and software, which in turn assist them in exploiting those vulnerabilities to launch attacks (Stergiou et al., 2016; Tewari & Gupta, 2017; Memos et al., 2017). Two of the most fundamental and popular attacks against the DNS protocol are Cache Poisoning and Man-in-the-Middle (MITM) attacks. In a Cache Poisoning attack, the DNS server is manipulated in a way so that it accepts and stores false data in its cache. This data does not come from an authoritative DNS server but instead it comes from a malicious user who tries to corrupt the DNS server cache by providing false information. Best practice for DNS server administrators is to randomize the UDP source port number from which caching DNS servers send out query packets as a mitigation against cache poisoning attacks. In effect, the UDP port used for a query should not be the default port 53, but instead a port randomly chosen from the entire range of UDP ports (less the reserved ports). This UDP source port randomization (SPR) makes it more difficult attackers to guess query parameters (RFC5452, 2009).
Once the DNS server cache has been corrupted, the false information will remain in the cache until the Time to Live (TTL) expires. This attack has adverse effects on the clients wanting to access the domain names from the servers. DNS data that is provided by name servers lacks support for data origin authentication and data integrity. This makes DNS vulnerable to man in the middle (MITM) attacks, as well as a range of other attacks (Ariyapperuma and Mitchell, 2007). In MITM attacks, an attacker can intercept and modify the network traffic between the resolver and the server. This occurs because the DNS protocol does not provide integrity checks and hence it is possible for the attacker to intercept and modify the data within DNS requests or responses. In 2018, a major DNS spoofing attack left the MyEtherWallet (MEW) service compromised (Nation, 2018).