Detecting DNS Recursion Configuration Issues

By | August 11, 2006

Recently, Tenable was asked about detecting DNS servers that were configured to respond to DNS recursion queries. The issue is that a remote attacker could spoof a recursive DNS query with a source address of a network they wish to cause a denial of service for.

The attacker spoofs a query with a small payload and causes the DNS server to reply with much more data. This floods the target network with answers to questions it never asked.

In 2005, US-CERT put out a note titled “The Continuing Denial of Service Threat Posed by DNS Recursion” which detailed the attack technique and methods to secure various commercial and open source DNS servers. This vulnerability has been around for several years but, according to CERT, is still actively used for DDoS attacks. Tenable has two methods to detect these vulnerabilities.
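The check described above comes down to two things: does a server answer a recursive query (RD set) for a zone it is not authoritative for by setting RA and returning records, and how much larger is that reply than the query that triggered it. The following Python is an added example written for this page, not Tenable's plugin code; it builds the query bytes, decodes the reply header, and classifies the reply. The two reply generators and the 192.0.2.1 address are constructed sample data so the script runs offline; against a resolver you administer, the same query bytes can be sent over UDP port 53 (what `dig +recurse` does) and the reply fed to `assess_recursion`.

```python
import struct

# Added example (not Tenable's plugin code): build a DNS query with the RD
# (Recursion Desired) bit set, then inspect a server's reply to decide whether
# it offered recursion (RA set, NOERROR, answers present) and how much larger
# the reply is than the query. The sample replies below are constructed inline.

FLAG_QR = 0x8000  # message is a response
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server)
RCODE_REFUSED = 5


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels: 'example.com' -> b'\\x07example\\x03com\\x00'."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(qname: str, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Minimal A/IN query; rd=True asks the server to recurse on our behalf."""
    flags = FLAG_RD if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # qd=1, an=ns=ar=0
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields the check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "rd": bool(flags & FLAG_RD),
        "ra": bool(flags & FLAG_RA),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def assess_recursion(query: bytes, response: bytes) -> dict:
    """Classify the reply to a recursive query for a zone the server is not
    authoritative for. Recursion counts as open when the server sets RA,
    returns NOERROR and actually supplies answer records. Also reports the
    byte amplification factor this server would hand a spoofing attacker."""
    h = parse_header(response)
    if h["id"] != parse_header(query)["id"]:
        raise ValueError("response transaction id does not match query")
    open_rec = h["qr"] and h["ra"] and h["rcode"] == 0 and h["ancount"] > 0
    return {
        "open_recursion": open_rec,
        "rcode": h["rcode"],
        "answers": h["ancount"],
        "amplification": len(response) / len(query),
    }


# --- constructed sample traffic (no network access needed) ---

def fake_open_resolver_reply(query: bytes, n_answers: int) -> bytes:
    """Constructed reply from a resolver that recursed: QR|RD|RA, NOERROR,
    question echoed back, n_answers A records using a name pointer to offset 12."""
    txid = parse_header(query)["id"]
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, n_answers, 0, 0)
    question = query[12:]
    # 16 bytes per record: pointer, type A, class IN, TTL 300, rdlength 4, 192.0.2.1 (TEST-NET-1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + rr * n_answers


def fake_closed_resolver_reply(query: bytes) -> bytes:
    """Constructed reply from a server with recursion disabled: QR|RD set,
    RA clear, RCODE=REFUSED, no answers."""
    txid = parse_header(query)["id"]
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | RCODE_REFUSED, 1, 0, 0, 0)
    return header + query[12:]


if __name__ == "__main__":
    q = build_query("example.com")
    for label, reply in (("open", fake_open_resolver_reply(q, 3)),
                         ("closed", fake_closed_resolver_reply(q))):
        print(label, assess_recursion(q, reply))
```

The 29-byte query and a three-record reply (77 bytes) already give a factor of about 2.7 with plain A records; larger record sets inflate the same query far more, which is why a resolver that recurses for anyone is worth flagging even when it answers correctly.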
