Zone poisoning: The how and where of non-secure DNS dynamic updates

Maciej Korczynski; Michał Król; Michel Van Eeten

doi:10.1145/2987443.2987477

Zone poisoning: The how and where of non-secure DNS dynamic updates

Maciej Korczynski, Michał Król, Michel Van Eeten

Organisation & Governance

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

16 Citations (Scopus)

Abstract

This paper illuminates the problem of non-secure DNS dynamic updates, which allow a miscreant to manipulate DNS entries in the zone files of authoritative name servers. We refer to this type of attack as to zone poisoning. This paper presents the first measurement study of the vulnerability. We analyze a random sample of 2.9 million domains and the Alexa top 1 million domains and find that at least 1,877 (0.065%) and 587 (0.062%) of domains are vulnerable, respectively. Among the vulnerable domains are governments, health care providers and banks, demonstrating that the threat impacts important services. Via this study and subsequent notifications to affected parties, we aim to improve the security of the DNS ecosystem.

Original language	English
Title of host publication	IMC 2016 - Proceedings of the 2016 ACM Internet Measurement Conference
Publisher	Association for Computing Machinery (ACM)
Pages	271-278
Number of pages	8
Volume	14-16-November-2016
ISBN (Electronic)	9781450345262
DOIs	https://doi.org/10.1145/2987443.2987477
Publication status	Published - 2016
Event	2016 ACM Internet Measurement Conference, IMC 2016 - Santa Monica, United States Duration: 14 Nov 2016 → 16 Nov 2016

Conference

Conference	2016 ACM Internet Measurement Conference, IMC 2016
Country/Territory	United States
City	Santa Monica
Period	14/11/16 → 16/11/16

Keywords

Domain Name System
Dynamic updates
Measurement
Security
Zone poisoning

Access to Document

10.1145/2987443.2987477

Cite this

@inproceedings{ea94cc79ea514c6c9e7ea6e9142f5811,

title = "Zone poisoning: The how and where of non-secure DNS dynamic updates",

abstract = "This paper illuminates the problem of non-secure DNS dynamic updates, which allow a miscreant to manipulate DNS entries in the zone files of authoritative name servers. We refer to this type of attack as to zone poisoning. This paper presents the first measurement study of the vulnerability. We analyze a random sample of 2.9 million domains and the Alexa top 1 million domains and find that at least 1,877 (0.065%) and 587 (0.062%) of domains are vulnerable, respectively. Among the vulnerable domains are governments, health care providers and banks, demonstrating that the threat impacts important services. Via this study and subsequent notifications to affected parties, we aim to improve the security of the DNS ecosystem.",

keywords = "Domain Name System, Dynamic updates, Measurement, Security, Zone poisoning",

author = "Maciej Korczynski and Micha{\l} Kr{\'o}l and {Van Eeten}, Michel",

year = "2016",

doi = "10.1145/2987443.2987477",

language = "English",

volume = "14-16-November-2016",

pages = "271--278",

booktitle = "IMC 2016 - Proceedings of the 2016 ACM Internet Measurement Conference",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "2016 ACM Internet Measurement Conference, IMC 2016 ; Conference date: 14-11-2016 Through 16-11-2016",

}

Korczynski, M, Król, M & Van Eeten, M 2016, Zone poisoning: The how and where of non-secure DNS dynamic updates. in IMC 2016 - Proceedings of the 2016 ACM Internet Measurement Conference. vol. 14-16-November-2016, Association for Computing Machinery (ACM), pp. 271-278, 2016 ACM Internet Measurement Conference, IMC 2016, Santa Monica, United States, 14/11/16. https://doi.org/10.1145/2987443.2987477

Zone poisoning: The how and where of non-secure DNS dynamic updates. / Korczynski, Maciej; Król, Michał; Van Eeten, Michel.
IMC 2016 - Proceedings of the 2016 ACM Internet Measurement Conference. Vol. 14-16-November-2016 Association for Computing Machinery (ACM), 2016. p. 271-278.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Zone poisoning

T2 - 2016 ACM Internet Measurement Conference, IMC 2016

AU - Korczynski, Maciej

AU - Król, Michał

AU - Van Eeten, Michel

PY - 2016

Y1 - 2016

N2 - This paper illuminates the problem of non-secure DNS dynamic updates, which allow a miscreant to manipulate DNS entries in the zone files of authoritative name servers. We refer to this type of attack as to zone poisoning. This paper presents the first measurement study of the vulnerability. We analyze a random sample of 2.9 million domains and the Alexa top 1 million domains and find that at least 1,877 (0.065%) and 587 (0.062%) of domains are vulnerable, respectively. Among the vulnerable domains are governments, health care providers and banks, demonstrating that the threat impacts important services. Via this study and subsequent notifications to affected parties, we aim to improve the security of the DNS ecosystem.

AB - This paper illuminates the problem of non-secure DNS dynamic updates, which allow a miscreant to manipulate DNS entries in the zone files of authoritative name servers. We refer to this type of attack as to zone poisoning. This paper presents the first measurement study of the vulnerability. We analyze a random sample of 2.9 million domains and the Alexa top 1 million domains and find that at least 1,877 (0.065%) and 587 (0.062%) of domains are vulnerable, respectively. Among the vulnerable domains are governments, health care providers and banks, demonstrating that the threat impacts important services. Via this study and subsequent notifications to affected parties, we aim to improve the security of the DNS ecosystem.

KW - Domain Name System

KW - Dynamic updates

KW - Measurement

KW - Security

KW - Zone poisoning

UR - http://www.scopus.com/inward/record.url?scp=85000578154&partnerID=8YFLogxK

U2 - 10.1145/2987443.2987477

DO - 10.1145/2987443.2987477

M3 - Conference contribution

AN - SCOPUS:85000578154

VL - 14-16-November-2016

SP - 271

EP - 278

BT - IMC 2016 - Proceedings of the 2016 ACM Internet Measurement Conference

PB - Association for Computing Machinery (ACM)

Y2 - 14 November 2016 through 16 November 2016

ER -

Zone poisoning: The how and where of non-secure DNS dynamic updates

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cybersecurity (TPM)

Cite this

Zone poisoning: The how and where of non-secure DNS dynamic updates

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

Cybersecurity (TPM)

Cite this