
DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline
2020-05-21 10:52

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server.

The recursive server contacts your DNS server for your dot.com for that information.

Your name server tells the recursive server it needs to look up another.

So the recursive server - key word recursive - connects to the DNS server for victim.com and asks for the records on all those sub-domains, and the victim.com DNS server replies with error messages for the non-existent sub-domains.
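From the victim.com operator's side, the pattern described above shows up as one resolver asking for many distinct non-existent sub-domains in a short span. The sketch below is an added example, not taken from the article or from any DNS server: the log format (`epoch client qname rcode`), the function name, the thresholds and the sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log, one query per line: "epoch client qname rcode".
# 198.51.100.7 plays a resolver chasing 8 bogus names in two seconds;
# 203.0.113.9 is an ordinary client making two typos 90 seconds apart.
SAMPLE_LOG = "\n".join(
    ["1590054700 203.0.113.9 wwww.victim.com NXDOMAIN",
     "1590054705 203.0.113.9 www.victim.com NOERROR"]
    + [f"{1590054720 + i // 4} 198.51.100.7 ns{i}x.victim.com NXDOMAIN"
       for i in range(8)]
    + ["1590054790 203.0.113.9 mial.victim.com NXDOMAIN",
       "truncated-line"]
)


def nxdomain_bursts(log_text, zone, window=10, threshold=5):
    """Return {client: peak} for clients whose count of distinct NXDOMAIN
    names under `zone` inside any `window`-second span reaches `threshold`.
    Assumes each client's lines appear in time order."""
    suffix = "." + zone.lower().rstrip(".")
    recent = defaultdict(deque)  # client -> (timestamp, qname) in the window
    peak = defaultdict(int)      # client -> most distinct names seen at once
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or truncated line
        ts, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if rcode != "NXDOMAIN" or not qname.endswith(suffix):
            continue  # only failed lookups below the zone apex matter here
        try:
            ts = int(ts)
        except ValueError:
            continue
        q = recent[client]
        q.append((ts, qname))
        while q[0][0] <= ts - window:
            q.popleft()  # drop entries that fell out of the window
        peak[client] = max(peak[client], len({name for _, name in q}))
    return {c: p for c, p in peak.items() if p >= threshold}


if __name__ == "__main__":
    for client, count in nxdomain_bursts(SAMPLE_LOG, "victim.com").items():
        print(f"{client}: {count} distinct non-existent names within 10s")
```

Counting distinct names rather than raw NXDOMAIN responses keeps a client that retries one mistyped name from being flagged.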

"An attacker who successfully exploited this vulnerability could cause the DNS Server service to become non-responsive."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/