TsuNAME: New DNS Bug could be used to DDoS Authoritative DNS Servers

Security researchers have found a serious domain name system (DNS) bug that attackers may use to conduct denial-of-service attacks on authoritative DNS servers. The bug, which they refer to as TsuNAME, was discovered by researchers from SIDN Labs and InternetNZ. It can be used as a large reflection-based distributed denial-of-service (DDoS) amplification vector against authoritative DNS servers.

Authoritative DNS servers translate web domains, such as www.google.com, into IP addresses, such as 64.233.160.0. To understand the vulnerability and how it works, one must understand the distinction between an authoritative and a recursive DNS server.

Authoritative DNS servers are usually operated by government and private sector organizations, such as Internet Service Providers (ISPs) and global tech giants. Attackers trying to exploit the TsuNAME DNS vulnerability target vulnerable recursive resolvers to overload authoritative servers with large numbers of malicious DNS queries.

"Resolvers vulnerable to TsuNAME will send non-stop queries to authoritative servers that have cyclic dependent records," the researchers explain in their security advisory. 

"While one resolver is unlikely to overwhelm an authoritative server, the aggregated effect from many looping, vulnerable recursive resolvers may as well do." 

A potential effect of such an attack is that authoritative DNS servers are taken down, which may cause country-wide Internet interruption if a country code top-level domain (ccTLD) is impaired. According to the primary research materials, what makes TsuNAME especially dangerous is that it could be used to perform DDoS attacks on critical DNS infrastructure and services such as large TLDs or ccTLDs, possibly impacting country resources.
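The cyclic dependent records mentioned in the advisory quote above can be found in zone data before resolvers start looping on them. The following added example (not code from the researchers or from the original article) checks a set of NS delegations for zones that can only be resolved through each other. All zone and host names are constructed, and name servers inside their own zone are assumed to have glue records.

```python
# Added example: flag delegations whose NS records depend on each other in a cycle.
# All zone and host names below are constructed sample data.

def owning_zone(host, zones):
    """Return the most specific delegated zone that contains host, or None."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def cyclic_dependent_zones(delegations):
    """Return the sorted zones that cannot be resolved from these NS records.

    A zone is resolvable when at least one NS host is outside the delegation
    set, inside the zone itself (glue assumed), or inside a zone already known
    to be resolvable. Whatever is left after the fixpoint is stuck in a cycle
    or depends entirely on zones that are.
    """
    zones = {z.rstrip(".").lower(): ns for z, ns in delegations.items()}
    resolvable = set()
    changed = True
    while changed:
        changed = False
        for zone, ns_hosts in zones.items():
            if zone in resolvable:
                continue
            owners = [owning_zone(h, zones) for h in ns_hosts]
            if any(o is None or o == zone or o in resolvable for o in owners):
                resolvable.add(zone)
                changed = True
    return sorted(set(zones) - resolvable)

SAMPLE = {
    "cat.example": ["ns1.dog.example"],                    # cycle with dog
    "dog.example": ["ns1.cat.example"],                    # cycle with cat
    "bird.example": ["ns.cat.example"],                    # depends only on the cycle
    "fish.example": ["ns1.cat.example", "ns.hosting.test"],  # one healthy NS
    "self.example": ["ns1.self.example"],                  # in-zone NS with glue
}

if __name__ == "__main__":
    for zone in cyclic_dependent_zones(SAMPLE):
        print("cyclic NS dependency:", zone)
```

A zone with at least one name server outside the cycle is not reported, because a resolver can still reach it through that server.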

"We observed 50% traffic increases due to TsuNAME in production in .nz ..
