
New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers
2021-05-06 17:40

Attackers can use a newly disclosed domain name server vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service attacks targeting authoritative DNS servers.

In simpler terms, authoritative DNS servers translate domain names to IP addresses and hand that information to recursive DNS servers, which are in turn queried by users' web browsers when they try to connect to a specific website.

Authoritative DNS servers are commonly managed by both government and private organizations, including Internet Service Providers and worldwide tech giants.

Attackers attempting to exploit the TsuNAME vulnerability target vulnerable recursive resolvers, which loop on cyclically dependent NS records and overwhelm authoritative servers with large volumes of DNS queries.

According to the researchers, popular DNS resolvers such as Unbound, BIND, and KnotDNS are not affected by the TsuNAME DNS bug.

Authoritative server operators can also reduce the impact of TsuNAME attacks using the open-source CycleHunter tool, which helps prevent such events by detecting and pre-emptively fixing cyclic dependencies in their DNS zones.
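How a CycleHunter-style check finds such cycles, as an added illustration that is not CycleHunter's code and does not come from the article: over a constructed set of delegations, a zone counts as resolvable once at least one of its nameservers is in-bailiwick (glue assumed), outside the dataset, or inside an already resolvable zone; whatever is left over after the fixed point is cyclically dependent, together with the zones downstream of the cycle.

```python
"""Flag zones whose nameservers can never be resolved because of cyclic NS dependencies."""

# Constructed sample delegations: zone apex -> nameserver hostnames (not real DNS data).
SAMPLE_DELEGATIONS = {
    "example.com.": ["ns1.example.net.", "ns2.example.net."],   # all NS live under example.net.
    "example.net.": ["ns1.example.com.", "ns2.example.com."],   # all NS live under example.com.
    "example.org.": ["ns1.example.org.", "ns1.example.net."],   # one in-bailiwick NS with glue
    "example.edu.": ["ns1.example.com."],                        # depends on the cycle, not in it
}


def norm(name):
    """Lowercase and ensure a trailing dot so suffix checks are exact."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def zone_of(host, zones):
    """Longest known zone apex that `host` lies under, or None if it is outside the dataset."""
    host = norm(host)
    candidates = [z for z in zones if host == z or host.endswith("." + z)]
    return max(candidates, key=len) if candidates else None


def find_cyclic_dependencies(delegations):
    """Return {stuck zone: sorted stuck zones its nameservers live under}.

    A zone becomes resolvable when any one of its NS hosts is in-bailiwick (glue
    assumed), outside the dataset (assumed reachable), or under a zone already
    marked resolvable. Iterating to a fixed point leaves exactly the zones caught
    in a cycle or depending on one.
    """
    delegations = {norm(z): [norm(h) for h in hosts] for z, hosts in delegations.items()}
    zones = set(delegations)
    resolvable = set()
    changed = True
    while changed:
        changed = False
        for zone, hosts in delegations.items():
            if zone in resolvable:
                continue
            for host in hosts:
                owner = zone_of(host, zones)
                if owner is None or owner == zone or owner in resolvable:
                    resolvable.add(zone)
                    changed = True
                    break
    stuck = zones - resolvable
    return {z: sorted({zone_of(h, zones) for h in delegations[z]} & stuck) for z in stuck}


if __name__ == "__main__":
    for zone, deps in sorted(find_cyclic_dependencies(SAMPLE_DELEGATIONS).items()):
        print(f"{zone} cannot be resolved; depends on unresolvable {deps}")
```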


News URL

https://www.bleepingcomputer.com/news/security/new-tsuname-dns-bug-allows-attackers-to-ddos-authoritative-dns-servers/