(DSY2024 - Ca 01) Slide Tutorial 04

Uploaded by

NgThu Phuong
DNS AND ITS SECURITY ISSUES

NGUYEN THI CHUC - 2101040043
NGUYEN THI DUYEN - 2001040052
LE THU TRANG - 2101040190
NGUYEN THU PHUONG - 2101040144

Distributed Systems

OUTLINE
01 What is DNS?
02 What is DNS security?
03 What are some common DNS security issues?
04 How to prevent these issues?

WHAT IS DNS?

DNS (Domain Name System) is a system that translates human-friendly domain names into IP addresses that computers use to identify each other on the network.

It enables users to access websites using easily remembered names instead of numeric IP addresses.

What is DNS security?
DNS security is the practice of protecting DNS infrastructure from cyber attacks in order to keep it performing
quickly and reliably.
An effective DNS security strategy incorporates a number of overlapping defenses, including establishing
redundant DNS servers, applying security protocols like DNSSEC, and requiring rigorous DNS logging.

Common DNS security issues

DNS SPOOFING
What it is: an attack where corrupted DNS data is inserted into the cache of a DNS resolver, causing the resolver to return an incorrect IP address.
How it works:
Manipulation of DNS Records: Attackers intercept and modify DNS responses to direct users to fraudulent sites.
Corrupting DNS Cache: Malicious data is inserted into the cache of a DNS server, which then returns false information to users.

DDOS ATTACKS ON DNS SERVERS
What it is: DDoS attacks overwhelm DNS servers with a massive volume of requests, causing them to become unresponsive. This disrupts access to websites and online services.
How it works:
Flooding DNS Servers: The attackers use botnets to send an overwhelming number of requests to a DNS server.
Exhausting Resources: The server’s resources are exhausted, leading to service downtime or degraded performance.

DNS HIJACKING AND REDIRECTION
What it is: DNS hijacking involves taking control of a DNS server or modifying DNS records to redirect traffic to malicious sites.
How it works:
Compromising DNS Settings: Attackers gain access to DNS settings and change them to point to malicious IP addresses.
Manipulating Registrar Records: DNS records are altered at the domain registrar, which redirects traffic to attacker-controlled sites.

Common DNS security issues

DNS REBINDING ATTACKS
What it is: an attack that exploits the DNS system to bypass the same-origin policy in web browsers, allowing attackers to interact with internal network services.
How it works:
Rebinding DNS Responses: The attacker tricks the victim’s browser into repeatedly resolving a domain name to different IP addresses, including those within the internal network.
Bypassing Same-Origin Policy: Because the domain name stays the same, the browser’s same-origin policy treats the internal address as the same origin, which gives the attacker’s page access to internal services.

DNS TUNNELING
What it is: a sophisticated attack method that exploits the DNS protocol to tunnel unauthorized data or create covert communication channels.
How it works:
Data Encoding: Attackers encode the data they wish to exfiltrate within DNS queries, which are sent from a compromised machine to a DNS server the attackers control.
Decoding at the Attacker’s End: The attacker’s DNS server receives the encoded queries, extracts the data, and sends back encoded responses to the compromised machine.

MAN-IN-THE-MIDDLE ATTACKS ON DNS
What it is: attackers intercept and alter DNS communications between the user and the DNS server.
How it works:
Intercepting DNS Traffic: Attackers position themselves between the user and the DNS server, intercepting DNS queries and responses.
Modifying DNS Responses: DNS responses are altered to redirect users or deliver misinformation.

How to prevent these issues?
1. Implement DNSSEC (DNS Security Extensions):
DNSSEC (Domain Name System Security Extensions) enhances DNS security by
allowing DNS data to be verified using digital signatures. This ensures the
authenticity and integrity of DNS responses, preventing DNS spoofing and cache
poisoning attacks.

2. Using DNS Filtering and Blocking


DNS filtering and blocking involve analyzing DNS queries and responses to
identify and block malicious domains. This helps prevent access to harmful sites
and reduces the risk of phishing, malware, and other cyber threats.

3. Employing Multi-Layered Security Strategies


A multi-layered security approach involves combining various security measures
to create a robust defense against DNS attacks. This strategy ensures that even if
one layer is breached, additional layers of protection can mitigate the impact.
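
An added illustration of DNS filtering (not part of the original slides): a resolver-side policy check that refuses blocklisted domains and also drops answers in which an external name resolves to a private or loopback address, the pattern DNS rebinding depends on. The blocklist entries, the internal zone name and the function names are constructed for this example.

```python
import ipaddress

# Constructed policy data for the example.
BLOCKLIST = {"malware.example", "phish.example"}
INTERNAL_ZONES = {"corp.example"}   # names allowed to map to private addresses


def in_zone(qname, zones):
    """True if qname equals, or is a subdomain of, any zone in `zones`."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def filter_response(qname, answers):
    """Return (verdict, reason) for a query name and its A/AAAA answers."""
    if in_zone(qname, BLOCKLIST):
        return "block", "domain on blocklist"
    if in_zone(qname, INTERNAL_ZONES):
        return "allow", "internal zone"
    for addr in answers:
        ip = ipaddress.ip_address(addr)
        # An external name answering with an internal address is the
        # signature of a rebinding attempt, so the whole response is dropped.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return "block", f"external name resolves to internal address {addr}"
    return "allow", "ok"


if __name__ == "__main__":
    # Constructed sample responses.
    samples = [
        ("www.example.org", ["93.184.216.34"]),
        ("cdn.malware.example", ["93.184.216.34"]),
        ("rebind.attacker.example", ["192.168.1.10"]),
        ("wiki.corp.example", ["10.0.0.5"]),
    ]
    for qname, answers in samples:
        print(qname, answers, filter_response(qname, answers))
```
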
How to prevent these issues?
4. Configuring DNS Servers Securely
Secure configuration of DNS servers is essential to reduce vulnerabilities and
protect against attacks. This includes implementing best practices for server
hardening, access control, and security protocols.

5. Monitoring and Logging DNS Traffic


Continuous monitoring and logging of DNS traffic are critical for detecting
suspicious activities and potential threats. By analyzing DNS traffic patterns,
organizations can identify anomalies that may indicate an ongoing attack or data
exfiltration attempt.

6. Choosing the Right DNS Software


Selecting the right DNS software is crucial for ensuring robust DNS security. The
software should offer advanced security features, scalability, and reliability to
handle your organization’s needs. Factors to consider:
Threat detection capabilities;
Ease of management;
Integration with other security tools.
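
An added illustration of the monitoring step above, applied to the DNS tunneling pattern described earlier (not part of the original slides): it scans a resolver query log for clients that send many unique, long, high-entropy subdomains under one parent domain. The log format, thresholds, addresses and domain names are constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed stand-in for encoded payload chunks: rotations of a base32 alphabet.
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"

# Constructed resolver log, one "client qname" pair per line.
SAMPLE_LOG = [
    "10.0.0.5 www.example.com",
    "10.0.0.5 mail.example.com",
    "10.0.0.8 a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4.cdn.example.net",
] + [f"10.0.0.23 {ALPHABET[i:] + ALPHABET[:i]}.t.tunnel.example" for i in range(6)]


def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def parent_domain(qname):
    """Last two labels; a simplification (real code needs the Public Suffix List)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_tunnel_suspects(log_lines, min_unique=4, min_len=30, min_entropy=3.5):
    """Return (client, parent) pairs with many unique, long, random-looking subdomains."""
    seen = defaultdict(set)
    for line in log_lines:
        client, qname = line.split()
        name = qname.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent) - 1] if name != parent else ""
        # Encoded data shows up as long labels with a near-uniform character mix.
        if len(sub) >= min_len and entropy(sub.replace(".", "")) >= min_entropy:
            seen[(client, parent)].add(sub)
    # One long name is normal (CDN hashes); many distinct ones to one parent is not.
    return sorted(key for key, subs in seen.items() if len(subs) >= min_unique)


if __name__ == "__main__":
    print(find_tunnel_suspects(SAMPLE_LOG))
```
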

PART 2
ANSWER THE QUESTIONS

1.3. How does caching help a name service’s availability?

Caching works:
Data in cache: is typically stored in RAM and can also be used in conjunction with a software component.
=> Increases data retrieval performance by reducing the need to access the slower underlying storage layer.
Trading capacity for speed, caches typically store a temporary set of data, as opposed to databases where data is typically complete and persistent.

Caching improves the availability of the name service in the following ways:
Reduced load on the name service: Repeated requests are served from the cache instead of querying the name service, reducing the number of queries and helping the service handle more traffic.
Improved Response Time: Replies from the cache are faster than querying the full name service.
Increased availability during service outages: When the name service fails, the cache entries can still be used.
Reduced network traffic: Caching reduces traffic between the client and the name service, resulting in less data being transmitted.
Improved reliability: Caching helps maintain operations even when the name service is temporarily down.
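
An added illustration of the answer above (not part of the original slides): a small name cache that answers repeated lookups locally and, when the name service is unreachable, falls back to an expired entry instead of failing. The class, the `upstream` callable, the address and the TTL are constructed for the example.

```python
import time


class NameCache:
    """Caches name -> address with a TTL; serves stale entries if upstream fails."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream      # callable: name -> (address, ttl_seconds)
        self.clock = clock
        self.entries = {}             # name -> (address, expires_at)
        self.upstream_queries = 0

    def resolve(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0], "cache"    # fresh entry: no load on the name service
        try:
            self.upstream_queries += 1
            address, ttl = self.upstream(name)
        except ConnectionError:
            if hit:
                return hit[0], "stale"  # outage: an old answer beats no answer
            raise
        self.entries[name] = (address, now + ttl)
        return address, "upstream"


def demo_outage():
    """Constructed scenario: lookup, cached lookup, then an outage after expiry."""
    now = [0.0]
    service_up = [True]

    def upstream(name):               # hypothetical name service
        if not service_up[0]:
            raise ConnectionError("name service unreachable")
        return "192.0.2.10", 60

    cache = NameCache(upstream, clock=lambda: now[0])
    sources = [cache.resolve("www.example.com")[1] for _ in range(2)]
    now[0], service_up[0] = 120.0, False   # entry expired, service down
    sources.append(cache.resolve("www.example.com")[1])
    return sources, cache.upstream_queries


if __name__ == "__main__":
    print(demo_outage())
```

The same behaviour is why a poisoned cache entry keeps being returned to clients until it expires or is flushed.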
1.4. Investigate your local configuration of DNS domains and servers. You may
find a program such as dig or nslookup installed, which enables you to carry out
individual name server queries.

The dig and nslookup programs check how DNS servers handle the conversion of domain names to IP addresses, to ensure the accuracy, security, and performance of network access.

Using Cmd on Windows for nslookup:
    nslookup example.com
This command will query DNS to find the IP address of the domain name example.com.

Using Terminal on Linux/macOS for dig:
    dig example.com
This command queries the domain example.com and returns more detailed information about the DNS query process.

dig:
Provides more detailed information, more flexibility in DNS queries.
Supports many advanced options (DNSSEC, many record types).
Popular on Linux/macOS, needs to be installed on Windows.
Used for in-depth DNS analysis.

nslookup:
Simple, easy to use, available on most operating systems (including Windows).
Less information and configuration options.
Good for basic and quick DNS queries.



1.5. Discuss the potential advantages and drawbacks of the use of an X.500 directory service in
place of the DNS and the Internet mail delivery programs. Sketch the design of a mail delivery
system for an internetwork in which all mail users and mail hosts are registered in an X.500
database.

Definition: “X.500” is a directory service similar to a conventional name service, but the primary use of a directory service is to satisfy descriptive queries. Generally, users search and browse the directory for a variety of requirements; for this, the directory service helps to obtain information about the entities.
For access to conventional email addresses (based on Internet Domain Names), X.500 would provide similar facilities to the DNS service. X.500 is designed to be scalable. If this is achieved in practice, then it should meet the future needs of large-scale networking better than DNS.

Advantage:
It is an attribute-based directory service. In principle, users could address messages to people by quoting their real names and their organisational affiliations, instead of the Domain Name based addresses currently used. The mail system would make a search request of X.500 to find the corresponding DNS or other network address of the user’s mailbox.

Drawback:
Searching with a wide scope is quite slow and costly in computing resources; the scope could be limited by the use of the organisational affiliation. Several alternate mailboxes could be held in the directory server, providing fault-tolerant mail delivery.

THANK YOU FOR WATCHING!
Any questions?
