What's all this about a DNS exploit? | July 27th, 2008
If you follow IT news you might have heard something about a ‘DNS exploit’ squirreling its way around the Internet. It’s true, there is one and it’s a doozy. Something like 52% of all DNS servers on the Internet are vulnerable. There’s a fix, but it’s not easy to implement and it’s not a ‘silver bullet’ either. For an easy-to-understand English-language explanation, check out this post. The summary is as follows:
What’s new is that the bad guy doesn’t actually have to wait [for a DNS request]. DNS is actually more of a relay race than a sprint. Remember, you send a request to a server, and you might get a reply that says “www.foobar.com? Sure, here’s the IP address to use.” Or, you might get a message that says, “www.foobar.com? I don’t know, ask ns1.foobar.com, here’s its address.” That’s recursion. It’s not a bug, or a rarely used feature. DNS is always sending you to different servers to find a record — this is how the servers that run .com work.
And so, the attack. If someone’s trying to attack www.foobar.com, he doesn’t pull out the starter pistol for that particular name. After all, the server might not be willing to go out looking for www.foobar.com for hours. No, he declares races for 1.foobar.com, 2.foobar.com, 3.foobar.com, and so on.
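The query pattern the quoted passage describes (a flood of lookups for 1.foobar.com, 2.foobar.com, 3.foobar.com, ... from one client) is something a resolver operator can look for in their own query logs. The script below is an added example written for this page, not code from the original post or from the post it quotes. It assumes a hypothetical log format of "timestamp client-IP query-name" per line (the sample lines are constructed), and it uses a deliberately simple rule for splitting a query name into its leftmost label and parent zone; a real deployment would use the public suffix list instead.

```python
"""Flag clients that query many distinct labels under one parent zone in a
short window, the pattern behind the attack quoted above.
Added example for this page; not from the original post."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of resolver query-log lines in a hypothetical format:
# "<ISO timestamp> <client IP> <query name>"
SAMPLE_LOG = """\
2008-07-27T10:00:00 192.0.2.10 www.example.com
2008-07-27T10:00:01 192.0.2.10 mail.example.com
2008-07-27T10:00:02 198.51.100.7 1.foobar.com
2008-07-27T10:00:02 198.51.100.7 2.foobar.com
2008-07-27T10:00:02 198.51.100.7 3.foobar.com
2008-07-27T10:00:03 198.51.100.7 4.foobar.com
2008-07-27T10:00:03 198.51.100.7 5.foobar.com
2008-07-27T10:00:03 198.51.100.7 6.foobar.com
2008-07-27T10:00:04 198.51.100.7 7.foobar.com
2008-07-27T10:00:04 198.51.100.7 8.foobar.com
2008-07-27T10:00:05 198.51.100.7 9.foobar.com
2008-07-27T10:00:05 198.51.100.7 10.foobar.com
2008-07-27T10:00:06 192.0.2.10 www.example.com
2008-07-27T10:05:00 192.0.2.11 a.example.org
2008-07-27T10:09:00 192.0.2.11 b.example.org
"""


def parse_line(line):
    """Split one hypothetical log line into (time, client, normalised qname)."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip(".")


def parent_of(qname):
    """Return (leftmost label, parent zone).
    Simplifying assumption: everything right of the first dot is the parent;
    a production detector should consult the public suffix list."""
    label, _, parent = qname.partition(".")
    return label, parent


def find_subdomain_bursts(log_text, min_distinct=8, window=timedelta(seconds=30)):
    """Return one alert per (client, parent zone) that sends queries for at
    least `min_distinct` different leftmost labels inside any `window`."""
    events = defaultdict(list)  # (client, parent) -> [(time, label), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        t, client, qname = parse_line(line)
        label, parent = parent_of(qname)
        if not parent:  # bare single-label name, nothing to group under
            continue
        events[(client, parent)].append((t, label))

    alerts = []
    for (client, parent), items in events.items():
        items.sort()
        start = 0
        seen = {}  # label -> number of occurrences inside the sliding window
        for end, (t, label) in enumerate(items):
            seen[label] = seen.get(label, 0) + 1
            # Slide the window start forward until it fits inside `window`.
            while items[end][0] - items[start][0] > window:
                old_label = items[start][1]
                seen[old_label] -= 1
                if seen[old_label] == 0:
                    del seen[old_label]
                start += 1
            if len(seen) >= min_distinct:
                alerts.append({"client": client, "parent": parent,
                               "distinct_labels": len(seen),
                               "first": items[start][0], "last": t})
                break  # one alert per (client, parent) pair is enough
    return alerts


if __name__ == "__main__":
    for alert in find_subdomain_bursts(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, the two ordinary clients (a couple of hostnames under example.com, two names under example.org several minutes apart) produce nothing, while 198.51.100.7 is flagged as soon as its eighth distinct label under foobar.com arrives within the 30-second window. The threshold and window are tuning knobs; busy legitimate clients (mail gateways, crawlers) will need a higher threshold or an allow list.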