
Monday November 23rd, 2009 » Fall Quarter, Week 9


Recursive DNS Security Risks

Summary: NACS is turning off Recursive DNS due to security risks. Read below for more information on these risks.


What security risks are involved in recursive DNS?

Cache poisoning:

Through a carefully crafted attack, it is possible to make a caching DNS server add incorrect DNS information to its cache. The attacker's lever is that a resolver accepts whichever reply to an outstanding query arrives first with a matching 16-bit transaction ID and destination port; if the resolver always queries from the same source port, only the transaction ID has to be guessed, and an attacker who can trigger many lookups can flood the resolver with forged replies until one matches. An attacker can therefore redirect users attempting to access a particular resource, say a financial institution website, to a malicious site that collects account credentials. The attack was long considered fairly difficult, and the exact number of successful cache poisoning attacks is not known, but the 2008 Kaminsky disclosure showed that a resolver without source-port randomization can be poisoned within minutes. For more information on cache poisoning attacks, see the following:
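To make the race concrete, the following toy simulation (added here as an illustration; it is not NACS code and not a real resolver) reduces a caching resolver to the one check that decides the outcome: a reply is accepted only if its transaction ID and port match the query in flight. The attacker triggers a fresh lookup each round and sprays a burst of forged replies before the genuine answer arrives. The zone name, the bogus nameserver and the burst size are assumed values chosen for the example.

```python
import random

TXID_SPACE = 1 << 16                 # 16-bit DNS transaction ID
PORT_LOW, PORT_HIGH = 1024, 65536    # ephemeral source-port range


class ToyResolver:
    """Caching resolver reduced to the check that matters for poisoning: an
    incoming reply is accepted only if its transaction ID and destination port
    match the query currently in flight (real resolvers also match the
    question section; that does not help, since the attacker chose it)."""

    def __init__(self, rng, randomize_port):
        self.rng = rng
        self.randomize_port = randomize_port
        self.cache = {}        # zone -> nameserver record believed authoritative
        self.in_flight = None  # (txid, port) of the outstanding query

    def send_query(self):
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randrange(PORT_LOW, PORT_HIGH) if self.randomize_port else 53
        self.in_flight = (txid, port)
        return self.in_flight

    def receive(self, txid, port, zone, ns_record):
        # First matching reply wins; everything else is silently discarded.
        if self.in_flight is not None and self.in_flight == (txid, port):
            self.cache[zone] = ns_record
            self.in_flight = None
            return True
        return False


def forged_burst(rng, size, randomize_port):
    """Attacker's guesses: `size` distinct transaction IDs, each paired with a
    port guess. Against a fixed-port resolver the port is known (53 here);
    otherwise it must be guessed from the ephemeral range as well."""
    txids = rng.sample(range(TXID_SPACE), size)
    if randomize_port:
        return [(t, rng.randrange(PORT_LOW, PORT_HIGH)) for t in txids]
    return [(t, 53) for t in txids]


def rounds_until_poisoned(max_rounds, burst, randomize_port, seed=1):
    """Number of lookups the attacker had to trigger before a forged reply was
    cached, or None if the budget ran out."""
    attacker_rng = random.Random(seed)
    resolver = ToyResolver(random.Random(seed + 1), randomize_port)
    bogus_ns = ("ns.attacker.example", "203.0.113.7")  # assumed attacker host
    for round_no in range(1, max_rounds + 1):
        # Each round the attacker requests a fresh random subdomain so the
        # resolver has no cached answer and must send a new query.
        resolver.send_query()
        for txid, port in forged_burst(attacker_rng, burst, randomize_port):
            if resolver.receive(txid, port, "bank.example", bogus_ns):
                return round_no
        resolver.in_flight = None  # genuine reply arrives and closes the window
    return None


def expected_rounds(burst, randomize_port):
    """Analytic expectation: size of the guess space divided by burst size."""
    space = TXID_SPACE * ((PORT_HIGH - PORT_LOW) if randomize_port else 1)
    return space / burst


if __name__ == "__main__":
    for randomized in (False, True):
        got = rounds_until_poisoned(4000, 250, randomized)
        print("port randomization:", randomized,
              "poisoned after", got, "rounds; expected ~%.0f" % expected_rounds(250, randomized))
```

With a fixed source port the simulation poisons the cache after a few hundred triggered lookups, matching the analytic estimate of 65536/250; with randomized ports the expected number of rounds is in the tens of millions and the run exhausts its budget. That is exactly the mitigation (source-port randomization) that resolver vendors shipped in 2008, and why a resolver that does not have it should not be exposed to arbitrary clients.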

Recursive DDoS attacks:

An attacker can abuse a caching server's recursion and caching to direct a very large traffic spike at a victim host. The attacker first publishes large DNS records in a rogue domain (usually one the attacker owns), then sends streams of small queries for those records to caching servers, with the source address forged to be the victim's. Because DNS queries travel over UDP, nothing verifies that source address, so each server fetches and caches the large record and sends the full-size answer to the victim: the query is a few dozen bytes, the answer can be thousands, and the attacker's bandwidth is multiplied accordingly. Sent to tens of thousands of open caching DNS servers on the Internet, these queries turn the servers into a massive distributed denial-of-service (DDoS) against the victim. Multi-gigabit per second traffic spikes have been observed at victim hosts during actual attacks in the past few months, so the problem is serious and requires action among the operators of all caching DNS servers: a resolver should answer recursive queries only for the networks it serves. More information on this attack is available here:
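The amplification ratio follows directly from the DNS wire format, so the example below (added here for illustration; not NACS code) builds the two packets involved: a recursive query carrying an EDNS0 OPT record, which is what lets an answer exceed the classic 512-byte UDP limit, and the TXT answer an open resolver would send back to the forged source. It also includes the header check used when testing whether a server performs recursion for outsiders. The rogue name, the 3000-byte record and the transaction ID are constructed sample values.

```python
import struct

TYPE_TXT, TYPE_OPT, CLASS_IN = 16, 41, 1


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid, edns_size=4096):
    """Recursive (RD=1) query with an EDNS0 OPT record advertising a large UDP
    buffer; attackers set this so the answer is not truncated to 512 bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set; 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, 0, 0)  # root name; class = UDP size
    return header + question + opt


def build_txt_response(txid, name, txt_chunks, ttl=3600):
    """Answer as a recursive server emits it to the (forged) source: QR and RA
    set, one TXT record whose RDATA is a run of <=255-byte character strings."""
    flags = 0x8000 | 0x0100 | 0x0080  # QR, RD echoed from the query, RA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    rdata = b"".join(bytes([len(c)]) + c for c in txt_chunks)
    # 0xC00C is a compression pointer to the name at offset 12 (the question).
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_header(packet):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x0F, "ancount": an}


def answers_recursively(query, reply):
    """True when `reply` shows the server recursed for this query: same ID, it is
    a response, RA is set, NOERROR, and it carries answers. Applied to a reply
    for a name the server is not authoritative for, sent from outside the
    server's own networks, this is the open-resolver check."""
    q, r = parse_header(query), parse_header(reply)
    return (r["txid"] == q["txid"] and r["qr"] and r["ra"]
            and r["rcode"] == 0 and r["ancount"] > 0)


def amplification_factor(query, reply):
    """Bytes the victim receives per byte the attacker sends."""
    return len(reply) / len(query)


# Constructed sample: a ~3000-byte TXT record in an assumed attacker-owned zone.
ROGUE_NAME = "big.rogue.example"
BIG_TXT = [b"A" * 250] * 12
SAMPLE_QUERY = build_query(ROGUE_NAME, TYPE_TXT, txid=0x1234)
SAMPLE_REPLY = build_txt_response(0x1234, ROGUE_NAME, BIG_TXT)

if __name__ == "__main__":
    print("query bytes:", len(SAMPLE_QUERY), "reply bytes:", len(SAMPLE_REPLY))
    print("amplification: %.1fx" % amplification_factor(SAMPLE_QUERY, SAMPLE_REPLY))
    print("recursion observed:", answers_recursively(SAMPLE_QUERY, SAMPLE_REPLY))
```

A 46-byte query yields a 3059-byte answer here, roughly 66 times the attacker's outlay, and every open resolver the attacker can reach multiplies it again. To test your own server, send a query of this shape from an address outside the networks it serves and run `answers_recursively` on what comes back; a correctly restricted resolver returns REFUSED or no answer.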