Visible to the public Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates

TitleZone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates
Publication TypeConference Paper
Year of Publication2016
AuthorsKorczyński, Maciej, Król, Micha\textbackslashl, van Eeten, Michel
Conference NameProceedings of the 2016 Internet Measurement Conference
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4526-2
Keywordscomposability, DNS, domain name system, dynamic updates, Dynamical Systems, Measurement, Metrics, pubcrawl, Resiliency, security, zone poisoning

This paper illuminates the problem of non-secure DNS dynamic updates, which allow a miscreant to manipulate DNS entries in the zone files of authoritative name servers. We refer to this type of attack as to zone poisoning. This paper presents the first measurement study of the vulnerability. We analyze a random sample of 2.9 million domains and the Alexa top 1 million domains and find that at least 1,877 (0.065%) and 587 (0.062%) of domains are vulnerable, respectively. Among the vulnerable domains are governments, health care providers and banks, demonstrating that the threat impacts important services. Via this study and subsequent notifications to affected parties, we aim to improve the security of the DNS ecosystem.

Citation Keykorczynski_zone_2016