An analogy that is often used for the Domain Name System (DNS) is that it is the phonebook for the Internet. The DNS provides the mapping between the names that we use to identify applications, websites and e-mail recipients etc and the numerical addresses that are used by the components in networks. If an attacker can poison the DNS (i.e. make it return invalid information) then the user may unknowingly connect to the attacker’s service, rather than the correct one. The user may then be exposed to confidentiality, integrity and availability issues.

In July 2008, security researcher Dan Kaminsky disclosed a significant issue in DNS that allowed an attacker to be able to poison the DNS with information of the attacker’s choosing. Whilst this had always been possible, it was believed there was a narrow window of opportunity to attack, and that during that narrow window the possibility of a successful attack was very low. Dan Kaminsky showed that this was not the case; this report includes an analysis that shows an attack of 259 seconds duration has a 75% chance of success against vulnerable servers.

Weaknesses exist in client and server applications and operating systems, their configuration, procedures, people and the DNS protocol that allow a range of different factors that may cause confidentiality, integrity and availability issues to users and applications that rely on the DNS. This report provides an overview of related vulnerabilities and attacks, two of which are investigated in more detail; cache poisoning and amplification attacks (a type of denial of service attack).

DNS poisoning attacks can easily be conducted against servers not patched against the Kaminsky vulnerability. A tactical solution has been provided that makes these attacks harder, but still possible. A strategic solution is needed that provides a cryptographic response to cache poisoning. This report looks at two possible solutions to cache poisoning attacks: DNSSEC and DNSCurve, although neither provides the perfect solution.

The DNS is vulnerable to use in amplification attacks. The DNS can be abused to generate multigigabit attacks that can be used against any target to prevent legitimate use of resources at the target. Although DNSSEC provides protection against DNS poisoning attacks it does make amplification attacks easier.